CVE-2004-1145 : Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

Published 2004-12-15 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2004-1145

SGI » Propack » Version: 3.0
cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 PPC Edition
cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 S-390 Edition
cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Mips Edition
cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Mipsel Edition
cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Alpha Edition
cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 ARM Edition
cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Hppa Edition
cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Sparc Edition
cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Ia-64 Edition
cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 M68k Edition
cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 3.0 Ia-32 Edition
cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Advanced Server Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Workstation Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Workstation Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Advanced Server Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Enterprise Server Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 2.1 Enterprise Server Ia64 Edition
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Enterprise Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Workstation Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 3.0 Advanced Server Edition
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 3.0
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Linux Advanced Workstation » Version: 2.1 Itanium Processor Edition
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
Matching versions
Redhat » Linux Advanced Workstation » Version: 2.1 Ia64 Edition
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.0 I386 Edition
cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.0
cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0 X86 64 Edition
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.2
cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.1
cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.3
cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.4
cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.5
cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.8
cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.9
cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.6
cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.7
cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.11
cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.12
cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.13
cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.14
cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.10
cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9
cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.15
cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.9.16
cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.1
cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.2
cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10
cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.3
cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.4
cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.6
cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.7
cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*
Matching versions
Ethereal Group » Ethereal » Version: 0.10.5
cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 9.0
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 10.0
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
Matching versions
Altlinux » Alt Linux » Version: 2.3 Compact Edition
cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*
Matching versions
Altlinux » Alt Linux » Version: 2.3 Junior Edition
cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-1145

EPSS FAQ

6.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-1145

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2004-1145

http://www.mandriva.com/security/advisories?name=MDKSA-2004:154

Advisories | Mandriva
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml

Konqueror: Java sandbox vulnerabilities (GLSA 200501-16) — Gentoo security
Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/420222

VU#420222 - Konqueror fails to restrict access to Java classes
Patch;Third Party Advisory;US Government Resource
http://marc.info/?l=bugtraq&m=110356286722875&w=2

'KDE Security Advisory: Konqueror Java Vulnerability' - MARC
http://www.kde.org/info/security/advisory-20041220-1.txt

Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
http://www.redhat.com/support/errata/RHSA-2005-065.html

Support
Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596

Konqueror bypass sandbox restriction CVE-2004-1145 Vulnerability Report
http://secunia.com/advisories/13586

About Secunia Research | Flexera
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2004-1145

Products affected by CVE-2004-1145

Exploit prediction scoring system (EPSS) score for CVE-2004-1145

CVSS scores for CVE-2004-1145

References for CVE-2004-1145