Launchpad CVE tracker

CVE 2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

Related bugs and status

CVE-2004-1145 (Candidate) is related to these bugs:

Bug #11326: kdelibs: CAN-2004-1145: Konqueror Java Vulnerability

Summary				In	Importance	Status
	11326	kdelibs: CAN-2004-1145: Konqueror Java Vulnerability		kdelibs (Ubuntu)	High	Fix Released
	11326	kdelibs: CAN-2004-1145: Konqueror Java Vulnerability		kdelibs (Debian)	Unknown	Fix Released

Bug #11467: KIOSlave FTP client can be made to send email

Summary				In	Importance	Status
	11467	KIOSlave FTP client can be made to send email		kdelibs (Ubuntu)	High	Invalid
	11467	KIOSlave FTP client can be made to send email		kdelibs (Debian)	Unknown	Fix Released

Bug #11565: CAN-2004-1165: FTP command injection bug

Summary				In	Importance	Status
	11565	CAN-2004-1165: FTP command injection bug		kdelibs (Ubuntu)	High	Fix Released
	11565	CAN-2004-1165: FTP command injection bug		kdelibs (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2004-1145

References