CVE-2004-1145
KDE Security Advisory 2004-12-20.1
Severity Score
9.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
KDE Security Advisory: Two flaws in the Konqueror webbrowser make it possible to by pass the sandbox environment which is used to run Java-applets. One flaw allows access to restricted Java classes via JavaScript, making it possible to escalate the privileges of the Java-applet. The other problem is that Konqueror fails to correctly restrict access to certain Java classes from the Java-applet itself. All versions of KDE up to KDE 3.3.1 inclusive. KDE 3.3.2 is not affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-12-06 CVE Reserved
- 2004-12-15 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110356286722875&w=2 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18596 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/13586 | 2017-10-11 | |
| http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml | 2017-10-11 | |
| http://www.kb.cert.org/vuls/id/420222 | 2017-10-11 | |
| http://www.kde.org/info/security/advisory-20041220-1.txt | 2017-10-11 | |
| http://www.redhat.com/support/errata/RHSA-2005-065.html | 2017-10-11 |
| URL | Date | SRC |
|---|---|---|
| http://www.heise.de/security/dienste/browsercheck/tests/java.shtml | 2017-10-11 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:154 | 2017-10-11 | |
| https://access.redhat.com/security/cve/CVE-2004-1145 | 2005-02-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1617380 | 2005-02-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.1 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.1" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.2 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.2" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.3 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.3" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.4 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.4" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.5 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.5" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.6 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.6" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.7 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.7" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.8 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.8" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.9 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.9" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.10 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.10" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.11 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.11" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.12 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.12" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.13 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.13" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.14 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.14" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.15 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.15" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.9.16 Search vendor "Ethereal Group" for product "Ethereal" and version "0.9.16" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.1 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.1" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.2 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.2" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.3 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.3" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.4 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.4" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.5 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.5" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.6 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.6" | - |
Affected
| ||||||
| Ethereal Group Search vendor "Ethereal Group" | Ethereal Search vendor "Ethereal Group" for product "Ethereal" | 0.10.7 Search vendor "Ethereal Group" for product "Ethereal" and version "0.10.7" | - |
Affected
| ||||||
| Sgi Search vendor "Sgi" | Propack Search vendor "Sgi" for product "Propack" | 3.0 Search vendor "Sgi" for product "Propack" and version "3.0" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 9.0 Search vendor "Conectiva" for product "Linux" and version "9.0" | - |
Affected
| ||||||
| Conectiva Search vendor "Conectiva" | Linux Search vendor "Conectiva" for product "Linux" | 10.0 Search vendor "Conectiva" for product "Linux" and version "10.0" | - |
Affected
| ||||||
| Altlinux Search vendor "Altlinux" | Alt Linux Search vendor "Altlinux" for product "Alt Linux" | 2.3 Search vendor "Altlinux" for product "Alt Linux" and version "2.3" | compact |
Affected
| ||||||
| Altlinux Search vendor "Altlinux" | Alt Linux Search vendor "Altlinux" for product "Alt Linux" | 2.3 Search vendor "Altlinux" for product "Alt Linux" and version "2.3" | junior |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | alpha |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | arm |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | hppa |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | ia-32 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | ia-64 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | m68k |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | mips |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | mipsel |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | ppc |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | s-390 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | sparc |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1" | advanced_server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1" | advanced_server_ia64 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1" | enterprise_server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1" | enterprise_server_ia64 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1" | workstation |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1" | workstation_ia64 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0" | advanced_server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0" | enterprise_server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0" | workstation_server |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 3.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Advanced Workstation Search vendor "Redhat" for product "Linux Advanced Workstation" | 2.1 Search vendor "Redhat" for product "Linux Advanced Workstation" and version "2.1" | ia64 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Linux Advanced Workstation Search vendor "Redhat" for product "Linux Advanced Workstation" | 2.1 Search vendor "Redhat" for product "Linux Advanced Workstation" and version "2.1" | itanium_processor |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 8.0 Search vendor "Suse" for product "Suse Linux" and version "8.0" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 8.0 Search vendor "Suse" for product "Suse Linux" and version "8.0" | i386 |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 8.1 Search vendor "Suse" for product "Suse Linux" and version "8.1" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 8.2 Search vendor "Suse" for product "Suse Linux" and version "8.2" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 9.0 Search vendor "Suse" for product "Suse Linux" and version "9.0" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 9.0 Search vendor "Suse" for product "Suse Linux" and version "9.0" | x86_64 |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 9.1 Search vendor "Suse" for product "Suse Linux" and version "9.1" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Suse Linux Search vendor "Suse" for product "Suse Linux" | 9.2 Search vendor "Suse" for product "Suse Linux" and version "9.2" | - |
Affected
| ||||||