Vulnerability Details : CVE-2004-0411
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Vulnerability category: Execute code
Products affected by CVE-2004-0411
- cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0411
30.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0411
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2004-0411
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0411
-
http://secunia.com/advisories/11602
About Secunia Research | FlexeraBroken Link
-
http://www.debian.org/security/2004/dsa-518
Debian -- The Universal Operating SystemThird Party Advisory
-
http://www.kde.org/info/security/advisory-20040517-1.txt
Patch;Vendor Advisory
-
http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
404 Page Not Found | SUSEBroken Link
-
http://www.osvdb.org/6107
404 Not FoundBroken Link
-
http://www.redhat.com/support/errata/RHSA-2004-222.html
SupportBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
KDE URL handler allows attacker unauthorized access CVE-2004-0411 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
SlackwareBroken Link
-
http://security.gentoo.org/glsa/glsa-200405-11.xml
KDE URI Handler Vulnerabilities (GLSA 200405-11) — Gentoo securityThird Party Advisory
-
http://www.ciac.org/ciac/bulletins/o-146.shtml
Broken Link
-
http://www.securityfocus.com/advisories/6717
Broken Link;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/advisories/6743
Broken Link;Third Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=108481412427344&w=2
'KDE Security Advisory: URI Handler Vulnerabilities' - MARCMailing List;Third Party Advisory
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)Broken Link
-
http://www.securityfocus.com/bid/10358
Broken Link;Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954
404 Not FoundBroken Link;Tool Signature
-
http://www.securityfocus.com/archive/1/363225
Broken Link;Third Party Advisory;VDB Entry;Vendor Advisory
Jump to