4.3 - CVE-2011-1168

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2011-1168	First vendor Publication	2011-04-18
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1168

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13867

Oval ID:	oval:org.mitre.oval:def:13867
Title:	USN-1110-1 -- kde4libs vulnerabilities
Description:	kde4libs: KDE 4 core applications An attacker could send crafted input to Konqueror to view sensitive information.
Family:	unix	Class:	patch
Reference(s):	USN-1110-1 CVE-2011-1094 CVE-2011-1168	Version:	5
Platform(s):	Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04	Product(s):	kde4libs
Definition Synopsis:
Release section Ubuntu 10.10 is installed AND Installed architecture is all AND Packages section libkio5 DPKG is earlier than 4:4.5.1-0ubuntu8.1 AND libkhtml5 DPKG is earlier than 4:4.5.1-0ubuntu8.1 OR Release section Ubuntu 9.10 is installed AND Installed architecture is all AND kdelibs5 DPKG is earlier than 4:4.3.2-0ubuntu7.3 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND kdelibs5 DPKG is earlier than 4:4.4.5-0ubuntu1.1

Definition Id: oval:org.mitre.oval:def:21872

Oval ID:	oval:org.mitre.oval:def:21872
Title:	RHSA-2011:0464: kdelibs security update (Moderate)
Description:	Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:0464-01 CVE-2011-1094 CVE-2011-1168	Version:	29
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	kdelibs
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section kdelibs-apidocs is earlier than 6:4.3.4-11.el6_0.2 AND kdelibs-common is earlier than 6:4.3.4-11.el6_0.2 AND kdelibs-devel is earlier than 6:4.3.4-11.el6_0.2 AND kdelibs is earlier than 6:4.3.4-11.el6_0.2

Definition Id: oval:org.mitre.oval:def:23600

Oval ID:	oval:org.mitre.oval:def:23600
Title:	ELSA-2011:0464: kdelibs security update (Moderate)
Description:	Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:0464-01 CVE-2011-1094 CVE-2011-1168	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	kdelibs
Definition Synopsis:
Oracle Linux 6.x rpm test kdelibs-apidocs is earlier than 6:4.3.4-11.el6_0.2 AND kdelibs-common is earlier than 6:4.3.4-11.el6_0.2 AND kdelibs-devel is earlier than 6:4.3.4-11.el6_0.2 AND kdelibs is earlier than 6:4.3.4-11.el6_0.2

Definition Id: oval:org.mitre.oval:def:27884

Oval ID:	oval:org.mitre.oval:def:27884
Title:	DEPRECATED: ELSA-2011-0464 -- kdelibs security update (moderate)
Description:	[6:4.3.4-11.2] - rebase the fix for CVE-2011-1094 [6:4.3.4-11.1] - fixes CVE-2011-1094, CVE-2011-1168
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-0464 CVE-2011-1094 CVE-2011-1168	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	kdelibs
Definition Synopsis:
Oracle Linux 6.x Packages match section kdelibs is earlier than 0:4.3.4-11.el6_0.2 AND kdelibs-apidocs is earlier than 0:4.3.4-11.el6_0.2 AND kdelibs-common is earlier than 0:4.3.4-11.el6_0.2 AND kdelibs-devel is earlier than 0:4.3.4-11.el6_0.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Kde Kde Sc cpe:2.3:a:kde:kde_sc:4.6.1:::::::* cpe:2.3:a:kde:kde_sc:4.6.0:::::::* cpe:2.3:a:kde:kde_sc:4.6:beta2:::::: cpe:2.3:a:kde:kde_sc:4.6:beta1:::::: cpe:2.3:a:kde:kde_sc:4.6:rc2:::::: cpe:2.3:a:kde:kde_sc:4.6:rc1:::::: cpe:2.3:a:kde:kde_sc:4.5.5:::::::* cpe:2.3:a:kde:kde_sc:4.5.4:::::::* cpe:2.3:a:kde:kde_sc:4.5.3:::::::* cpe:2.3:a:kde:kde_sc:4.5.2:::::::* cpe:2.3:a:kde:kde_sc:4.5.1:::::::* cpe:2.3:a:kde:kde_sc:4.5.0:::::::* cpe:2.3:a:kde:kde_sc:4.4.5:::::::* cpe:2.3:a:kde:kde_sc:4.4.4:::::::* cpe:2.3:a:kde:kde_sc:4.4.3:::::::* cpe:2.3:a:kde:kde_sc:4.4.2:::::::* cpe:2.3:a:kde:kde_sc:4.4.1:::::::* cpe:2.3:a:kde:kde_sc:4.4.0:beta1:::::: cpe:2.3:a:kde:kde_sc:4.4.0:rc3:::::: cpe:2.3:a:kde:kde_sc:4.4.0:rc1:::::: cpe:2.3:a:kde:kde_sc:4.4.0:beta2:::::: cpe:2.3:a:kde:kde_sc:4.4.0:::::::* cpe:2.3:a:kde:kde_sc:4.4.0:rc2::::::	23

OpenVAS Exploits

Date	Description
2012-06-06	Name : RedHat Update for kdelibs RHSA-2011:0464-01 File : nvt/gb_RHSA-2011_0464-01_kdelibs.nasl
2011-05-10	Name : Ubuntu Update for kde4libs USN-1110-1 File : nvt/gb_ubuntu_USN_1110_1.nasl
2011-04-22	Name : Fedora Update for libextractor FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_libextractor_fc14.nasl
2011-04-22	Name : Fedora Update for kdemultimedia FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdemultimedia_fc14.nasl
2011-04-22	Name : Fedora Update for kdenetwork FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdenetwork_fc14.nasl
2011-04-22	Name : Fedora Update for kdepimlibs FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdepimlibs_fc14.nasl
2011-04-22	Name : Fedora Update for kdeplasma-addons FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdeplasma-addons_fc14.nasl
2011-04-22	Name : Fedora Update for kdesdk FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdesdk_fc14.nasl
2011-04-22	Name : Fedora Update for kdetoys FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdetoys_fc14.nasl
2011-04-22	Name : Fedora Update for kdeutils FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdeutils_fc14.nasl
2011-04-22	Name : Fedora Update for koffice FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_koffice_fc14.nasl
2011-04-22	Name : Fedora Update for kphotoalbum FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kphotoalbum_fc14.nasl
2011-04-22	Name : Fedora Update for krename FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_krename_fc14.nasl
2011-04-22	Name : Fedora Update for darktable FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_darktable_fc14.nasl
2011-04-22	Name : Fedora Update for libgexiv2 FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_libgexiv2_fc14.nasl
2011-04-22	Name : Fedora Update for merkaartor FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_merkaartor_fc14.nasl
2011-04-22	Name : Fedora Update for oxygen-icon-theme FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_oxygen-icon-theme_fc14.nasl
2011-04-22	Name : Fedora Update for pyexiv2 FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_pyexiv2_fc14.nasl
2011-04-22	Name : Fedora Update for qtpfsgui FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_qtpfsgui_fc14.nasl
2011-04-22	Name : Fedora Update for rawstudio FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_rawstudio_fc14.nasl
2011-04-22	Name : Fedora Update for shotwell FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_shotwell_fc14.nasl
2011-04-22	Name : Fedora Update for strigi FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_strigi_fc14.nasl
2011-04-22	Name : Fedora Update for ufraw FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_ufraw_fc14.nasl
2011-04-22	Name : Mandriva Update for kdelibs4 MDVSA-2011:075 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2011_075.nasl
2011-04-22	Name : Fedora Update for kdegraphics FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdegraphics_fc14.nasl
2011-04-22	Name : Fedora Update for kdelibs FEDORA-2011-5183 File : nvt/gb_fedora_2011_5183_kdelibs_fc13.nasl
2011-04-22	Name : Fedora Update for exiv2 FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_exiv2_fc14.nasl
2011-04-22	Name : Fedora Update for geeqie FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_geeqie_fc14.nasl
2011-04-22	Name : Fedora Update for gipfel FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_gipfel_fc14.nasl
2011-04-22	Name : Fedora Update for gnome-commander FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_gnome-commander_fc14.nasl
2011-04-22	Name : Fedora Update for gpscorrelate FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_gpscorrelate_fc14.nasl
2011-04-22	Name : Fedora Update for gthumb FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_gthumb_fc14.nasl
2011-04-22	Name : Fedora Update for hugin FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_hugin_fc14.nasl
2011-04-22	Name : Fedora Update for immix FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_immix_fc14.nasl
2011-04-22	Name : Fedora Update for kde-l10n FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kde-l10n_fc14.nasl
2011-04-22	Name : Fedora Update for kdeaccessibility FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdeaccessibility_fc14.nasl
2011-04-22	Name : Fedora Update for kdeadmin FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdeadmin_fc14.nasl
2011-04-22	Name : Fedora Update for kdeartwork FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdeartwork_fc14.nasl
2011-04-22	Name : Fedora Update for kdebase-runtime FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdebase-runtime_fc14.nasl
2011-04-22	Name : Fedora Update for kdebase-workspace FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdebase-workspace_fc14.nasl
2011-04-22	Name : Fedora Update for kdebase FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdebase_fc14.nasl
2011-04-22	Name : Fedora Update for kdebindings FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdebindings_fc14.nasl
2011-04-22	Name : Fedora Update for kdeedu FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdeedu_fc14.nasl
2011-04-22	Name : Fedora Update for kdegames FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdegames_fc14.nasl
2011-04-22	Name : Fedora Update for kdelibs FEDORA-2011-5200 File : nvt/gb_fedora_2011_5200_kdelibs_fc14.nasl
0000-00-00	Name : Slackware Advisory SSA:2011-101-02 kdelibs File : nvt/esoft_slk_ssa_2011_101_02.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
71876	KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page... KDE Konqueror contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the URL when it is displayed via the error page upon submission to the 'HTMLPart::htmlError()' function in 'khtml/khtml_part.cpp'. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Description

71876

KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page...

KDE Konqueror contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the URL when it is displayed via the error page upon submission to the 'HTMLPart::htmlError()' function in 'khtml/khtml_part.cpp'. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0464.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110421_kdelibs_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-06-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1110-1.nasl - Type : ACT_GATHER_INFO
2011-05-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-101-02.nasl - Type : ACT_GATHER_INFO
2011-05-27	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2011-05-13	Name : The remote openSUSE host is missing a security update. File : suse_11_2_kdelibs4-110418.nasl - Type : ACT_GATHER_INFO
2011-04-22	Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-5200.nasl - Type : ACT_GATHER_INFO
2011-04-22	Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-5221.nasl - Type : ACT_GATHER_INFO
2011-04-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0464.nasl - Type : ACT_GATHER_INFO
2011-04-21	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-075.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/47304
BUGTRAQ	http://www.securityfocus.com/archive/1/517432/100/0/threaded http://www.securityfocus.com/archive/1/517433/100/0/threaded
CONFIRM	http://www.kde.org/info/security/advisory-20110411-1.txt https://bugzilla.redhat.com/show_bug.cgi?id=695398
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
MISC	http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
SECTRACK	http://securitytracker.com/id?1025322
SECUNIA	http://secunia.com/advisories/44065 http://secunia.com/advisories/44108
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2011&...
SREASON	http://securityreason.com/securityalert/8208
SUSE	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
UBUNTU	http://www.ubuntu.com/usn/USN-1110-1
VUPEN	http://www.vupen.com/english/advisories/2011/0927 http://www.vupen.com/english/advisories/2011/0928 http://www.vupen.com/english/advisories/2011/0990
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/66697

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:28:58	Multiple Updates
2023-02-02 21:28:48	Multiple Updates
2021-05-04 12:14:11	Multiple Updates
2021-04-22 01:15:24	Multiple Updates
2020-05-23 00:28:02	Multiple Updates
2018-10-10 00:19:42	Multiple Updates
2017-08-17 09:23:22	Multiple Updates
2016-04-26 20:38:01	Multiple Updates
2014-06-14 13:30:32	Multiple Updates
2014-02-21 13:21:42	Multiple Updates
2014-02-17 11:01:07	Multiple Updates
2013-05-10 22:56:40	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	4
CPE ID(s)	23
Sources(s)	18
osvdb(s)	1
Openvas Exploit(s)	46
Nessus® Exploit(s)	12

	Related
4.3	USN-1110-1
4.3	RHSA-2011:0464
4.3	MDVSA-2011:075
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)