CVE-2004-1145
NONE EPSS 89.6%
Published Dec 15, 2004 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
Threat Intelligence
EPSS Exploit Probability
89.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 61
| Vendor | Product | Version | Range |
|---|---|---|---|
| ethereal_group | ethereal | 0.9 | any |
| ethereal_group | ethereal | 0.9.1 | any |
| ethereal_group | ethereal | 0.9.2 | any |
| ethereal_group | ethereal | 0.9.3 | any |
| ethereal_group | ethereal | 0.9.4 | any |
| ethereal_group | ethereal | 0.9.5 | any |
| ethereal_group | ethereal | 0.9.6 | any |
| ethereal_group | ethereal | 0.9.7 | any |
| ethereal_group | ethereal | 0.9.8 | any |
| ethereal_group | ethereal | 0.9.9 | any |
| ethereal_group | ethereal | 0.9.10 | any |
| ethereal_group | ethereal | 0.9.11 | any |
| ethereal_group | ethereal | 0.9.12 | any |
| ethereal_group | ethereal | 0.9.13 | any |
| ethereal_group | ethereal | 0.9.14 | any |
| ethereal_group | ethereal | 0.9.15 | any |
| ethereal_group | ethereal | 0.9.16 | any |
| ethereal_group | ethereal | 0.10 | any |
| ethereal_group | ethereal | 0.10.1 | any |
| ethereal_group | ethereal | 0.10.2 | any |
| ethereal_group | ethereal | 0.10.3 | any |
| ethereal_group | ethereal | 0.10.4 | any |
| ethereal_group | ethereal | 0.10.5 | any |
| ethereal_group | ethereal | 0.10.6 | any |
| ethereal_group | ethereal | 0.10.7 | any |
| sgi | propack | 3.0 | any |
| conectiva | linux | 9.0 | any |
| conectiva | linux | 10.0 | any |
| altlinux | alt_linux | 2.3 | any |
| altlinux | alt_linux | 2.3 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
References 10
- marc.info http://marc.info/?l=bugtraq&m=110356286722875&w=2
- secunia.com http://secunia.com/advisories/13586
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
- heise.de http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
- kb.cert.org http://www.kb.cert.org/vuls/id/420222
- kde.org http://www.kde.org/info/security/advisory-20041220-1.txt
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-065.html
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
Remediation
- secunia.com http://secunia.com/advisories/13586
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
- kb.cert.org http://www.kb.cert.org/vuls/id/420222
- kde.org http://www.kde.org/info/security/advisory-20041220-1.txt
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-065.html