CVE-2004-1145

Sažetak

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

Reference

http://marc.info/?l=bugtraq&m=110356286722875&w=2
http://secunia.com/advisories/13586
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
http://www.kb.cert.org/vuls/id/420222
http://www.kde.org/info/security/advisory-20041220-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
http://www.redhat.com/support/errata/RHSA-2005-065.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

15-12-2004 - 05:00