Summary
This host is running Konqueror and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow an attacker to trigger the use of a deleted object within the HTMLTokenizer::scriptHandler() method, which can cause a crash.
Solution
Upgrade to KDE Konqueror version 4.4.3 or later.
For updates refer to http://www.kde.org/download
Insight
These flaws are due to:
- improper handling of JavaScript document.load function calls targeting the current document, which can cause a denial of service.
- the HTML parser in KDE Konqueror, which causes a denial of service via a long attribute in an HR element or a long BGCOLOR or BORDERCOLOR.
Affected
Konqueror in KDE version 3.5.10 or prior.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-4514, CVE-2008-5712
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Related Vulnerabilities
- ejabberd 'client2server' Message Remote Denial of Service Vulnerability
- ClamAV 'parseicon()' Denial Of Service Vulnerability
- ejabberd XML Parsing Denial of Service Vulnerability (Windows)
- Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
- Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)