CVE-2004-1145
First published: Wed Dec 15 2004(Updated: )
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ethereal | =0.10.1 | |
| Ethereal | =0.9.2 | |
| Conectiva Linux | =9.0 | |
| Ethereal | =0.9.6 | |
| SGI ProPack | =3.0 | |
| Ethereal | =0.9.5 | |
| Ethereal | =0.10.2 | |
| Ethereal | =0.9.14 | |
| Ethereal | =0.9.15 | |
| Ethereal | =0.9.10 | |
| Ethereal | =0.9.8 | |
| Ethereal | =0.10.3 | |
| Ethereal | =0.10.4 | |
| Ethereal | =0.10.7 | |
| Ethereal | =0.9.16 | |
| Ethereal | =0.10.5 | |
| Ethereal | =0.9.3 | |
| Ethereal | =0.10 | |
| Ethereal | =0.9.13 | |
| Ethereal | =0.9.9 | |
| Ethereal | =0.9.11 | |
| Ethereal | =0.9.7 | |
| Ethereal | =0.9.4 | |
| Ethereal | =0.9.1 | |
| Conectiva Linux | =10.0 | |
| Ethereal | =0.10.6 | |
| Ethereal | =0.9 | |
| Ethereal | =0.9.12 | |
| Red Hat Enterprise Linux | =2.1 | |
| SUSE Linux | =9.2 | |
| Red Hat Enterprise Linux Desktop | =3.0 | |
| Debian | =3.0 | |
| SUSE Linux | =9.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Debian | =3.0 | |
| SUSE Linux | =8.2 | |
| ALT Linux | =2.3 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| SUSE Linux | =9.0 | |
| Debian | =3.0 | |
| SUSE Linux | =8.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Debian | =3.0 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| SUSE Linux | =8.0 | |
| SUSE Linux | =9.1 | |
| ALT Linux | =2.3 | |
| Red Hat Enterprise Linux | =3.0 | |
| Debian | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Debian | =3.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Debian | =3.0 | |
| SUSE Linux | =8.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
- http://www.kde.org/info/security/advisory-20041220-1.txt
- http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
- http://www.redhat.com/support/errata/RHSA-2005-065.html
- http://www.kb.cert.org/vuls/id/420222
- http://secunia.com/advisories/13586
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
- http://marc.info/?l=bugtraq&m=110356286722875&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
Frequently Asked Questions
What is the severity of CVE-2004-1145?
CVE-2004-1145 is considered a high severity vulnerability due to its potential to allow unauthorized access to restricted Java classes.
How do I fix CVE-2004-1145?
To fix CVE-2004-1145, you should upgrade to a version of Konqueror that is later than KDE 3.3.1, which contains the necessary patches.
What systems are affected by CVE-2004-1145?
CVE-2004-1145 affects Konqueror in KDE versions up to and including 3.3.1 as well as various distributions that include these versions.
Can CVE-2004-1145 allow data leakage?
Yes, CVE-2004-1145 can allow remote attackers to bypass sandbox restrictions and access sensitive data.
Is CVE-2004-1145 specific to certain Java implementations?
CVE-2004-1145 specifically relates to vulnerabilities within Konqueror's handling of JavaScript and Java classes, not specific Java implementations.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/ethereal group
- product/ethereal
- canonical/ethereal group ethereal
- vendor/conectiva
- product/linux
- canonical/conectiva linux
- vendor/sgi
- product/propack
- canonical/sgi propack
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- vendor/suse
- product/suse linux
- canonical/suse suse linux
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- vendor/debian
- product/debian linux
- canonical/debian debian linux
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- vendor/altlinux
- product/alt linux
- canonical/altlinux alt linux
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/ethereal
- version/ethereal/0.10.1
- version/ethereal/0.9.2
- version/conectiva linux/9.0
- version/ethereal/0.9.6
- version/sgi propack/3.0
- version/ethereal/0.9.5
- version/ethereal/0.10.2
- version/ethereal/0.9.14
- version/ethereal/0.9.15
- version/ethereal/0.9.10
- version/ethereal/0.9.8
- version/ethereal/0.10.3
- version/ethereal/0.10.4
- version/ethereal/0.10.7
- version/ethereal/0.9.16
- version/ethereal/0.10.5
- version/ethereal/0.9.3
- version/ethereal/0.10
- version/ethereal/0.9.13
- version/ethereal/0.9.9
- version/ethereal/0.9.11
- version/ethereal/0.9.7
- version/ethereal/0.9.4
- version/ethereal/0.9.1
- version/conectiva linux/10.0
- version/ethereal/0.10.6
- version/ethereal/0.9
- version/ethereal/0.9.12
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- canonical/suse linux
- version/suse linux/9.2
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/3.0
- canonical/debian
- version/debian/3.0
- version/suse linux/9.0
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- version/suse linux/8.2
- canonical/alt linux
- version/alt linux/2.3
- version/red hat enterprise linux/3.0
- version/suse linux/8.0
- version/suse linux/9.1
- version/suse linux/8.1