CVE-2004-1145 [Medium] | Security Bypass in Ethereal

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	4.45%	4.13%	-0.32%
2	2026-01-24	6.71%	4.45%	-2.26%
3	2025-12-23	—	6.71%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

4.45%

4.13%

-0.32%

2026-01-24

6.71%

4.45%

-2.26%

2025-12-23

—

6.71%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

10.0

2.9

[email protected]

OS Trackers for CVE-2004-1145

vendor	priority	summary	link
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2004-1145
`ubuntu`	medium	CVE-2004-1145 medium priority: Ubuntu including 1 source packages (kdelibs), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1.	https://ubuntu.com/security/CVE-2004-1145

Affected software / configurations for CVE-2004-1145

Vendor	Product	Version	Raw CPE
ethereal_group	ethereal	0.9	cpe:2.3:a:ethereal_group:ethereal:0.9:::::::*
ethereal_group	ethereal	0.9.1	cpe:2.3:a:ethereal_group:ethereal:0.9.1:::::::*
ethereal_group	ethereal	0.9.2	cpe:2.3:a:ethereal_group:ethereal:0.9.2:::::::*
ethereal_group	ethereal	0.9.3	cpe:2.3:a:ethereal_group:ethereal:0.9.3:::::::*
ethereal_group	ethereal	0.9.4	cpe:2.3:a:ethereal_group:ethereal:0.9.4:::::::*
ethereal_group	ethereal	0.9.5	cpe:2.3:a:ethereal_group:ethereal:0.9.5:::::::*
ethereal_group	ethereal	0.9.6	cpe:2.3:a:ethereal_group:ethereal:0.9.6:::::::*
ethereal_group	ethereal	0.9.7	cpe:2.3:a:ethereal_group:ethereal:0.9.7:::::::*
ethereal_group	ethereal	0.9.8	cpe:2.3:a:ethereal_group:ethereal:0.9.8:::::::*
ethereal_group	ethereal	0.9.9	cpe:2.3:a:ethereal_group:ethereal:0.9.9:::::::*
ethereal_group	ethereal	0.9.10	cpe:2.3:a:ethereal_group:ethereal:0.9.10:::::::*
ethereal_group	ethereal	0.9.11	cpe:2.3:a:ethereal_group:ethereal:0.9.11:::::::*
ethereal_group	ethereal	0.9.12	cpe:2.3:a:ethereal_group:ethereal:0.9.12:::::::*
ethereal_group	ethereal	0.9.13	cpe:2.3:a:ethereal_group:ethereal:0.9.13:::::::*
ethereal_group	ethereal	0.9.14	cpe:2.3:a:ethereal_group:ethereal:0.9.14:::::::*
ethereal_group	ethereal	0.9.15	cpe:2.3:a:ethereal_group:ethereal:0.9.15:::::::*
ethereal_group	ethereal	0.9.16	cpe:2.3:a:ethereal_group:ethereal:0.9.16:::::::*
ethereal_group	ethereal	0.10	cpe:2.3:a:ethereal_group:ethereal:0.10:::::::*
ethereal_group	ethereal	0.10.1	cpe:2.3:a:ethereal_group:ethereal:0.10.1:::::::*
ethereal_group	ethereal	0.10.2	cpe:2.3:a:ethereal_group:ethereal:0.10.2:::::::*
ethereal_group	ethereal	0.10.3	cpe:2.3:a:ethereal_group:ethereal:0.10.3:::::::*
ethereal_group	ethereal	0.10.4	cpe:2.3:a:ethereal_group:ethereal:0.10.4:::::::*
ethereal_group	ethereal	0.10.5	cpe:2.3:a:ethereal_group:ethereal:0.10.5:::::::*
ethereal_group	ethereal	0.10.6	cpe:2.3:a:ethereal_group:ethereal:0.10.6:::::::*
ethereal_group	ethereal	0.10.7	cpe:2.3:a:ethereal_group:ethereal:0.10.7:::::::*
sgi	propack	3.0	cpe:2.3:a:sgi:propack:3.0:::::::*
conectiva	linux	9.0	cpe:2.3:o:conectiva:linux:9.0:::::::*
conectiva	linux	10.0	cpe:2.3:o:conectiva:linux:10.0:::::::*
altlinux	alt_linux	2.3	cpe:2.3:o:altlinux:alt_linux:2.3::compact:::::
altlinux	alt_linux	2.3	cpe:2.3:o:altlinux:alt_linux:2.3::junior:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::alpha:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::arm:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::hppa:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::ia-32:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::ia-64:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::m68k:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::mips:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::mipsel:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::ppc:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::s-390:::::
debian	debian_linux	3.0	cpe:2.3:o:debian:debian_linux:3.0::sparc:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
redhat	enterprise_linux_desktop	3.0	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
redhat	linux_advanced_workstation	2.1	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
redhat	linux_advanced_workstation	2.1	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
suse	suse_linux	8.0	cpe:2.3:o:suse:suse_linux:8.0:::::::*
suse	suse_linux	8.0	cpe:2.3:o:suse:suse_linux:8.0::i386:::::
suse	suse_linux	8.1	cpe:2.3:o:suse:suse_linux:8.1:::::::*
suse	suse_linux	8.2	cpe:2.3:o:suse:suse_linux:8.2:::::::*
suse	suse_linux	9.0	cpe:2.3:o:suse:suse_linux:9.0:::::::*
suse	suse_linux	9.0	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
suse	suse_linux	9.1	cpe:2.3:o:suse:suse_linux:9.1:::::::*
suse	suse_linux	9.2	cpe:2.3:o:suse:suse_linux:9.2:::::::*

References for CVE-2004-1145

URL	Tags
http://marc.info/?l=bugtraq&m=110356286722875&w=2
http://secunia.com/advisories/13586	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml	Patch Vendor Advisory
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml	Vendor Advisory
http://www.kb.cert.org/vuls/id/420222	Patch Third Party Advisory US Government Resource
http://www.kde.org/info/security/advisory-20041220-1.txt	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
http://www.redhat.com/support/errata/RHSA-2005-065.html	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173

URL

CVE-2004-1145

Exploit prediction scoring system (EPSS) score for CVE-2004-1145

Common vulnerability scoring system (CVSS) metrics for CVE-2004-1145

Weakness enumeration for CVE-2004-1145

OS Trackers for CVE-2004-1145

Affected software / configurations for CVE-2004-1145

References for CVE-2004-1145