Remote Command Injection in Konqueror 3.3.1 Affecting Users
CVE-2004-1165

Currently unrated

Key Information:

Vendor

Kde

Status
Konqueror
Kdelibs
Vendor
CVE Published:
10 January 2005

What is CVE-2004-1165?

The Konqueror web browser version 3.3.1 presents a vulnerability where remote attackers can execute arbitrary FTP commands. This is achieved by manipulating ftp:// URLs to include a URL-encoded newline (%0a) before the FTP command, allowing malicious commands to be injected into the FTP session. This exploitation can lead to unauthorized command execution, thereby compromising system integrity. Users of Konqueror are advised to update to a patched version to mitigate these security risks.

References

http://www.redhat.com/support/errata/RHSA-2005-065.html
vendor-advisoryx_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml
vendor-advisoryx_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.