CVE-2004-1145

NONE EPSS 89.6%
Published Dec 15, 2004 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

Threat Intelligence

EPSS Exploit Probability: 89.6% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products 61

Vendor          Product                       Version   Range
ethereal_group  ethereal                      0.9       any
ethereal_group  ethereal                      0.9.1     any
ethereal_group  ethereal                      0.9.2     any
ethereal_group  ethereal                      0.9.3     any
ethereal_group  ethereal                      0.9.4     any
ethereal_group  ethereal                      0.9.5     any
ethereal_group  ethereal                      0.9.6     any
ethereal_group  ethereal                      0.9.7     any
ethereal_group  ethereal                      0.9.8     any
ethereal_group  ethereal                      0.9.9     any
ethereal_group  ethereal                      0.9.10    any
ethereal_group  ethereal                      0.9.11    any
ethereal_group  ethereal                      0.9.12    any
ethereal_group  ethereal                      0.9.13    any
ethereal_group  ethereal                      0.9.14    any
ethereal_group  ethereal                      0.9.15    any
ethereal_group  ethereal                      0.9.16    any
ethereal_group  ethereal                      0.10      any
ethereal_group  ethereal                      0.10.1    any
ethereal_group  ethereal                      0.10.2    any
ethereal_group  ethereal                      0.10.3    any
ethereal_group  ethereal                      0.10.4    any
ethereal_group  ethereal                      0.10.5    any
ethereal_group  ethereal                      0.10.6    any
ethereal_group  ethereal                      0.10.7    any
sgi             propack                       3.0       any
conectiva       linux                         9.0       any
conectiva       linux                         10.0      any
altlinux        alt_linux                     2.3       any
altlinux        alt_linux                     2.3       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
debian          debian_linux                  3.0       any
redhat          enterprise_linux              2.1       any
redhat          enterprise_linux              2.1       any
redhat          enterprise_linux              2.1       any
redhat          enterprise_linux              2.1       any
redhat          enterprise_linux              2.1       any
redhat          enterprise_linux              2.1       any
redhat          enterprise_linux              3.0       any
redhat          enterprise_linux              3.0       any
redhat          enterprise_linux              3.0       any
redhat          enterprise_linux_desktop      3.0       any
redhat          linux_advanced_workstation    2.1       any
redhat          linux_advanced_workstation    2.1       any
suse            suse_linux                    8.0       any
suse            suse_linux                    8.0       any
suse            suse_linux                    8.1       any
suse            suse_linux                    8.2       any
suse            suse_linux                    9.0       any
suse            suse_linux                    9.0       any
suse            suse_linux                    9.1       any
suse            suse_linux                    9.2       any

References 10

  • marc.info http://marc.info/?l=bugtraq&m=110356286722875&w=2
  • secunia.com http://secunia.com/advisories/13586
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
    Patch, Vendor Advisory
  • heise.de http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
    Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/420222
    Patch, Third Party Advisory, US Government Resource
  • kde.org http://www.kde.org/info/security/advisory-20041220-1.txt
    Patch, Vendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-065.html
    Patch, Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173

Remediation

  • secunia.com http://secunia.com/advisories/13586
    Patch, Vendor Advisory
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
    Patch, Vendor Advisory
  • kb.cert.org http://www.kb.cert.org/vuls/id/420222
    Patch, Third Party Advisory, US Government Resource
  • kde.org http://www.kde.org/info/security/advisory-20041220-1.txt
    Patch, Vendor Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2005-065.html
    Patch, Vendor Advisory