CVE-2004-0721 - Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain

CVE-2004-0721

Summary

Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.2.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:13:34.730-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:11371

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

rpms

kdebase-6:3.1.3-5.4
kdebase-debuginfo-6:3.1.3-5.4
kdebase-devel-6:3.1.3-5.4
kdelibs-6:3.1.3-6.6
kdelibs-debuginfo-6:3.1.3-6.6
kdelibs-devel-6:3.1.3-6.6

refmap via4

bugtraq	20040811 KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities
conectiva	CLA-2004:864
confirm	http://www.kde.org/info/security/advisory-20040811-3.txt
gentoo	200408-13
misc	http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
secunia	11978
xf	http-frame-spoof(1598)

Last major update

11-10-2017 - 01:29

Published

27-07-2004 - 04:00

Last modified

11-10-2017 - 01:29