CVE-2004-1158

high

Description

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

References

http://marc.info/?l=bugtraq&m=110296048613575&w=2

http://secunia.com/advisories/13254

http://secunia.com/advisories/13477

http://secunia.com/advisories/13486

http://secunia.com/advisories/13560

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

http://secunia.com/secunia_research/2004-13/advisory/

http://www.kde.org/info/security/advisory-20041213-1.txt

http://www.novell.com/linux/security/advisories/2005_01_sr.html

http://www.redhat.com/support/errata/RHSA-2005-009.html

http://www.securityfocus.com/bid/11853

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11056

Details

Source: MITRE

Published: 2005-01-10

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
19083 | FreeBSD : web browsers -- window injection vulnerabilities (b0911985-6e2a-11d9-9557-000a95bc6fae) | Nessus | FreeBSD Local Security Checks | high
16366 | RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2005:009) | Nessus | Red Hat Local Security Checks | high
2531 | Konqueror Web Browser < 3.3.3 Remote Window Hijacking | Nessus Network Monitor | Web Clients | low
16003 | GLSA-200412-16 : kdelibs, kdebase: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
15981 | Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:150) | Nessus | Mandriva Local Security Checks | high