Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name: CVE-2011-1168
First vendor publication: 2011-04-18
Vendor: Cve
Last vendor modification: 2018-10-09

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1168

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13867
 
Oval ID: oval:org.mitre.oval:def:13867
Title: USN-1110-1 -- kde4libs vulnerabilities
Description: kde4libs: KDE 4 core applications An attacker could send crafted input to Konqueror to view sensitive information.
Family: unix Class: patch
Reference(s): USN-1110-1, CVE-2011-1094, CVE-2011-1168
Version: 5
Platform(s): Ubuntu 10.10, Ubuntu 9.10, Ubuntu 10.04
Product(s): kde4libs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21872
 
Oval ID: oval:org.mitre.oval:def:21872
Title: RHSA-2011:0464: kdelibs security update (Moderate)
Description: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Family: unix Class: patch
Reference(s): RHSA-2011:0464-01, CVE-2011-1094, CVE-2011-1168
Version: 29
Platform(s): Red Hat Enterprise Linux 6
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23600
 
Oval ID: oval:org.mitre.oval:def:23600
Title: ELSA-2011:0464: kdelibs security update (Moderate)
Description: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Family: unix Class: patch
Reference(s): ELSA-2011:0464-01, CVE-2011-1094, CVE-2011-1168
Version: 13
Platform(s): Oracle Linux 6
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27884
 
Oval ID: oval:org.mitre.oval:def:27884
Title: DEPRECATED: ELSA-2011-0464 -- kdelibs security update (moderate)
Description: [6:4.3.4-11.2] - rebase the fix for CVE-2011-1094 [6:4.3.4-11.1] - fixes CVE-2011-1094, CVE-2011-1168
Family: unix Class: patch
Reference(s): ELSA-2011-0464, CVE-2011-1094, CVE-2011-1168
Version: 4
Platform(s): Oracle Linux 6
Product(s): kdelibs
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 23

OpenVAS Exploits

Date Description
2012-06-06 Name : RedHat Update for kdelibs RHSA-2011:0464-01
File : nvt/gb_RHSA-2011_0464-01_kdelibs.nasl
2011-05-10 Name : Ubuntu Update for kde4libs USN-1110-1
File : nvt/gb_ubuntu_USN_1110_1.nasl
2011-04-22 Name : Fedora Update for libextractor FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_libextractor_fc14.nasl
2011-04-22 Name : Fedora Update for kdemultimedia FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdemultimedia_fc14.nasl
2011-04-22 Name : Fedora Update for kdenetwork FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdenetwork_fc14.nasl
2011-04-22 Name : Fedora Update for kdepimlibs FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdepimlibs_fc14.nasl
2011-04-22 Name : Fedora Update for kdeplasma-addons FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeplasma-addons_fc14.nasl
2011-04-22 Name : Fedora Update for kdesdk FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdesdk_fc14.nasl
2011-04-22 Name : Fedora Update for kdetoys FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdetoys_fc14.nasl
2011-04-22 Name : Fedora Update for kdeutils FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeutils_fc14.nasl
2011-04-22 Name : Fedora Update for koffice FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_koffice_fc14.nasl
2011-04-22 Name : Fedora Update for kphotoalbum FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kphotoalbum_fc14.nasl
2011-04-22 Name : Fedora Update for krename FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_krename_fc14.nasl
2011-04-22 Name : Fedora Update for darktable FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_darktable_fc14.nasl
2011-04-22 Name : Fedora Update for libgexiv2 FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_libgexiv2_fc14.nasl
2011-04-22 Name : Fedora Update for merkaartor FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_merkaartor_fc14.nasl
2011-04-22 Name : Fedora Update for oxygen-icon-theme FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_oxygen-icon-theme_fc14.nasl
2011-04-22 Name : Fedora Update for pyexiv2 FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_pyexiv2_fc14.nasl
2011-04-22 Name : Fedora Update for qtpfsgui FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_qtpfsgui_fc14.nasl
2011-04-22 Name : Fedora Update for rawstudio FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_rawstudio_fc14.nasl
2011-04-22 Name : Fedora Update for shotwell FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_shotwell_fc14.nasl
2011-04-22 Name : Fedora Update for strigi FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_strigi_fc14.nasl
2011-04-22 Name : Fedora Update for ufraw FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_ufraw_fc14.nasl
2011-04-22 Name : Mandriva Update for kdelibs4 MDVSA-2011:075 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2011_075.nasl
2011-04-22 Name : Fedora Update for kdegraphics FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdegraphics_fc14.nasl
2011-04-22 Name : Fedora Update for kdelibs FEDORA-2011-5183
File : nvt/gb_fedora_2011_5183_kdelibs_fc13.nasl
2011-04-22 Name : Fedora Update for exiv2 FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_exiv2_fc14.nasl
2011-04-22 Name : Fedora Update for geeqie FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_geeqie_fc14.nasl
2011-04-22 Name : Fedora Update for gipfel FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gipfel_fc14.nasl
2011-04-22 Name : Fedora Update for gnome-commander FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gnome-commander_fc14.nasl
2011-04-22 Name : Fedora Update for gpscorrelate FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gpscorrelate_fc14.nasl
2011-04-22 Name : Fedora Update for gthumb FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gthumb_fc14.nasl
2011-04-22 Name : Fedora Update for hugin FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_hugin_fc14.nasl
2011-04-22 Name : Fedora Update for immix FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_immix_fc14.nasl
2011-04-22 Name : Fedora Update for kde-l10n FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kde-l10n_fc14.nasl
2011-04-22 Name : Fedora Update for kdeaccessibility FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeaccessibility_fc14.nasl
2011-04-22 Name : Fedora Update for kdeadmin FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeadmin_fc14.nasl
2011-04-22 Name : Fedora Update for kdeartwork FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeartwork_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase-runtime FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase-runtime_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase-workspace FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase-workspace_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase_fc14.nasl
2011-04-22 Name : Fedora Update for kdebindings FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebindings_fc14.nasl
2011-04-22 Name : Fedora Update for kdeedu FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeedu_fc14.nasl
2011-04-22 Name : Fedora Update for kdegames FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdegames_fc14.nasl
2011-04-22 Name : Fedora Update for kdelibs FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdelibs_fc14.nasl
0000-00-00 Name : Slackware Advisory SSA:2011-101-02 kdelibs
File : nvt/esoft_slk_ssa_2011_101_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71876 KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page...

KDE Konqueror contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the URL when it is displayed via the error page upon submission to the 'KHTMLPart::htmlError()' function in 'khtml/khtml_part.cpp'. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0464.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110421_kdelibs_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1110-1.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-101-02.nasl - Type : ACT_GATHER_INFO
2011-05-27 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-5200.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2011-5221.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0464.nasl - Type : ACT_GATHER_INFO
2011-04-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-075.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/47304
BUGTRAQ http://www.securityfocus.com/archive/1/517432/100/0/threaded
http://www.securityfocus.com/archive/1/517433/100/0/threaded
CONFIRM http://www.kde.org/info/security/advisory-20110411-1.txt
https://bugzilla.redhat.com/show_bug.cgi?id=695398
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
MISC http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
SECTRACK http://securitytracker.com/id?1025322
SECUNIA http://secunia.com/advisories/44065
http://secunia.com/advisories/44108
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2011&...
SREASON http://securityreason.com/securityalert/8208
SUSE http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
UBUNTU http://www.ubuntu.com/usn/USN-1110-1
VUPEN http://www.vupen.com/english/advisories/2011/0927
http://www.vupen.com/english/advisories/2011/0928
http://www.vupen.com/english/advisories/2011/0990
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/66697

Alert History

Date Information
2020-05-23 00:28:02
  • Multiple Updates
2018-10-10 00:19:42
  • Multiple Updates
2017-08-17 09:23:22
  • Multiple Updates
2016-04-26 20:38:01
  • Multiple Updates
2014-06-14 13:30:32
  • Multiple Updates
2014-02-21 13:21:42
  • Multiple Updates
2014-02-17 11:01:07
  • Multiple Updates
2013-05-10 22:56:40
  • Multiple Updates