Konqueror In KDE Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Konqueror and is prone to Denial of Service Vulnerability.

Impact

Successful exploitation will allow attacker to trigger the use of a deleted object within the HTMLTokenizer::scriptHandler() method and can cause a crash.

Solution

Upgrade to KDE Konqueror version 4.4.3 or later. For updates refer to http://www.kde.org/download

Insight

These flaws are due to, - improper handling of JavaScript document.load Function calls targeting the current document which can cause denial of service. - HTML parser in KDE Konqueror causes denial of service via a long attribute in HR element or a long BGCOLOR or BORDERCOLOR.

Affected

Konqueror in KDE version 3.5.10 or prior.

References

http://secunia.com/advisories/32208

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4514, CVE-2008-5712
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Crash SMC AP
Apple Safari Denial Of Service Vulnerability - Jul09
ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
Adobe Flash Media Server Remote Denial of Service Vulnerability (August-2011)
DB2 DOS

Konqueror in KDE Denial of Service Vulnerability

Take action and discover your vulnerabilities