CVE-2004-0411
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/07/2004
Last modified:
03/04/2025
Description
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:* | 3.2.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
- http://marc.info/?l=bugtraq&m=108481412427344&w=2
- http://secunia.com/advisories/11602
- http://security.gentoo.org/glsa/glsa-200405-11.xml
- http://www.ciac.org/ciac/bulletins/o-146.shtml
- http://www.debian.org/security/2004/dsa-518
- http://www.kde.org/info/security/advisory-20040517-1.txt
- http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
- http://www.osvdb.org/6107
- http://www.redhat.com/support/errata/RHSA-2004-222.html
- http://www.securityfocus.com/advisories/6717
- http://www.securityfocus.com/advisories/6743
- http://www.securityfocus.com/archive/1/363225
- http://www.securityfocus.com/bid/10358
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843
- http://marc.info/?l=bugtraq&m=108481412427344&w=2
- http://secunia.com/advisories/11602
- http://security.gentoo.org/glsa/glsa-200405-11.xml
- http://www.ciac.org/ciac/bulletins/o-146.shtml
- http://www.debian.org/security/2004/dsa-518
- http://www.kde.org/info/security/advisory-20040517-1.txt
- http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html
- http://www.osvdb.org/6107
- http://www.redhat.com/support/errata/RHSA-2004-222.html
- http://www.securityfocus.com/advisories/6717
- http://www.securityfocus.com/advisories/6743
- http://www.securityfocus.com/archive/1/363225
- http://www.securityfocus.com/bid/10358
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16163
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954