ID CVE-2008-4382
Summary Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:konqueror:3.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:kde:konqueror:3.5.9:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2018 - 20:51)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bugtraq 20080930 Re: MS Internet Explorer 7 Denial Of Service Exploit
xf konqueror-alert-function-dos(45645)
statements via4
contributor Joshua Bressers
lastmodified 2017-08-07
organization Red Hat
statement We do not consider a crash of a client application such as Konqueror to be a security issue.
Last major update 11-10-2018 - 20:51
Published 02-10-2008 - 18:18
Back to Top