CVE-2004-0411

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*

History

13 Feb 2024, 18:01

Type Values Removed Values Added
CWE CWE-20 CWE-88
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=108481412427344&w=2 - Mailing List (BUGTRAQ) http://marc.info/?l=bugtraq&m=108481412427344&w=2 - Mailing List, Third Party Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 - Tool Signature (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954 - Broken Link, Tool Signature

Information

Published : 2004-07-07 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2004-0411

Mitre link : CVE-2004-0411

CVE.ORG link : CVE-2004-0411


JSON object : View

Products Affected

kde

  • konqueror
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')