CVE-2004-0411
published 2004-07-07CVE-2004-0411: The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
7.78%
93.9th percentile
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | konqueror | <= 3.2.2 | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rgp9-mx7h-rwqv: The URI handlers in Konqueror for KDE 3
ghsa_unreviewed·2022-04-29
CVE-2004-0411 [HIGH] CWE-20 GHSA-rgp9-mx7h-rwqv: The URI handlers in Konqueror for KDE 3
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Red Hat
security flaw
vendor_redhat·2004-05-17·CVSS 7.5
CVE-2004-0411 [HIGH] security flaw
security flaw
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
No detection rules found.
No public exploits indexed.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843http://marc.info/?l=bugtraq&m=108481412427344&w=2http://secunia.com/advisories/11602http://security.gentoo.org/glsa/glsa-200405-11.xmlhttp://www.ciac.org/ciac/bulletins/o-146.shtmlhttp://www.debian.org/security/2004/dsa-518http://www.kde.org/info/security/advisory-20040517-1.txthttp://www.novell.com/linux/security/advisories/2004_14_kdelibs.htmlhttp://www.osvdb.org/6107http://www.redhat.com/support/errata/RHSA-2004-222.htmlhttp://www.securityfocus.com/advisories/6717http://www.securityfocus.com/advisories/6743http://www.securityfocus.com/archive/1/363225http://www.securityfocus.com/bid/10358http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635https://exchange.xforce.ibmcloud.com/vulnerabilities/16163https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843http://marc.info/?l=bugtraq&m=108481412427344&w=2http://secunia.com/advisories/11602http://security.gentoo.org/glsa/glsa-200405-11.xmlhttp://www.ciac.org/ciac/bulletins/o-146.shtmlhttp://www.debian.org/security/2004/dsa-518http://www.kde.org/info/security/advisory-20040517-1.txthttp://www.novell.com/linux/security/advisories/2004_14_kdelibs.htmlhttp://www.osvdb.org/6107http://www.redhat.com/support/errata/RHSA-2004-222.htmlhttp://www.securityfocus.com/advisories/6717http://www.securityfocus.com/advisories/6743http://www.securityfocus.com/archive/1/363225http://www.securityfocus.com/bid/10358http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635https://exchange.xforce.ibmcloud.com/vulnerabilities/16163https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954
2004-07-07
Published