Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 - | |
References | () http://marc.info/?l=bugtraq&m=109327681304401&w=2 - | |
References | () http://secunia.com/advisories/12341 - | |
References | () http://www.kde.org/info/security/advisory-20040823-1.txt - | |
References | () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086 - | |
References | () http://www.securityfocus.com/bid/10991 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/17063 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281 - |
Information
Published : 2004-10-20 04:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-0746
Mitre link : CVE-2004-0746
CVE.ORG link : CVE-2004-0746
JSON object : View
Products Affected
kde
- konqueror
- kde
suse
- suse_linux
gentoo
- linux
mandrakesoft
- mandrake_linux
CWE