CVE-2004-0411

CWE-88CWE-20Improper Input Validation6 documents5 sources
Severity
7.5HIGH
EPSS
6.5%
top 8.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE Konqueror
Timeline
PublishedJul 7
Latest updateApr 29

Description

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDkde/konqueror3.2.2

Patches

Patch: www.kde.orgPatch: www.kde.org

🔴Vulnerability Details

2
GHSA
GHSA-rgp9-mx7h-rwqv: The URI handlers in Konqueror for KDE 32022-04-29
CVEList
CVE-2004-0411: The URI handlers in Konqueror for KDE 32004-05-20

📋Vendor Advisories

1
Red Hat
security flaw2004-05-17

💬Community

1
Bugzilla
CVE-2004-0411 security flaw2018-08-16
CVE-2004-0411 (HIGH CVSS 7.5) | The URI handlers in Konqueror for K | cvebase.io