| ID |
CVE-2008-5698
|
| Summary |
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:kde:kde:3.5.9:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.5.9:*:*:*:*:*:*:*
-
cpe:2.3:o:kde:kde:3.5.10:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.5.10:*:*:*:*:*:*:*
-
cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.3 (as of 29-09-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| bid | 31696 | | exploit-db | 6718 | | secunia | 32208 | | sreason | 4796 | | vupen | ADV-2008-2915 | | xf | konqueror-load-dos(45804) |
|
| statements
via4
|
| contributor | Joshua Bressers | | lastmodified | 2009-01-19 | | organization | Red Hat | | statement | Red Hat does not consider a crash of a client application such as Konqueror to be a security issue. |
|
| Last major update |
29-09-2017 - 01:32 |
| Published |
22-12-2008 - 15:30 |
| Last modified |
29-09-2017 - 01:32 |
