7.5

CVE-2004-0411

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKonqueror Version <= 3.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.78% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
Broken Link
http://marc.info/?l=bugtraq&m=108481412427344&w=2
Third Party Advisory
Mailing List
http://secunia.com/advisories/11602
Broken Link
http://security.gentoo.org/glsa/glsa-200405-11.xml
Third Party Advisory
http://www.ciac.org/ciac/bulletins/o-146.shtml
Broken Link
http://www.debian.org/security/2004/dsa-518
Third Party Advisory
http://www.kde.org/info/security/advisory-20040517-1.txt
Patch
Vendor Advisory
http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
Broken Link
http://www.osvdb.org/6107
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-222.html
Broken Link
http://www.securityfocus.com/advisories/6717
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/advisories/6743
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/363225
Third Party Advisory
Vendor Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/10358
Third Party Advisory
Broken Link
VDB Entry
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954
Broken Link
Tool Signature