CVE Vulnerabilities

CVE-2004-1165

Published: Jan 10, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (%0a) before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Affected Software

Name Vendor Start Version End Version
Kdelibs Kde 3.1 (including) 3.1 (including)
Kdelibs Kde 3.1.1 (including) 3.1.1 (including)
Kdelibs Kde 3.1.2 (including) 3.1.2 (including)
Kdelibs Kde 3.1.3 (including) 3.1.3 (including)
Kdelibs Kde 3.1.4 (including) 3.1.4 (including)
Kdelibs Kde 3.1.5 (including) 3.1.5 (including)
Kdelibs Kde 3.2 (including) 3.2 (including)
Kdelibs Kde 3.2.1 (including) 3.2.1 (including)
Kdelibs Kde 3.2.2 (including) 3.2.2 (including)
Konqueror Kde 3.3.1 (including) 3.3.1 (including)
Red Hat Enterprise Linux 3 RedHat kdebase-6:3.1.3-5.8 *
Red Hat Enterprise Linux 3 RedHat kdelibs-6:3.1.3-6.9 *
Red Hat Enterprise Linux 4 RedHat kdelibs-6:3.3.1-3.3 *
Kdelibs Ubuntu dapper *
Kdelibs Ubuntu devel *
Kdelibs Ubuntu edgy *
Kdelibs Ubuntu feisty *

References