Vulnerability Name:

CVE-2003-0514 (CCN-15424)

Assigned:2004-03-10
Published:2004-03-10
Updated:2008-09-05
Summary:Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Mar 10 2004 - 07:12:16 CST
Multiple vendor HTTP user agent cookie path traversal issue

Source: VULNWATCH
Type: Exploit, Vendor Advisory
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue

Source: MITRE
Type: CNA
CVE-2003-0513

Source: MITRE
Type: CNA
CVE-2003-0514

Source: MITRE
Type: CNA
CVE-2003-0592

Source: MITRE
Type: CNA
CVE-2003-0593

Source: MITRE
Type: CNA
CVE-2003-0594

Source: FULLDISC
Type: UNKNOWN
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue

Source: CCN
Type: RHSA-2004-074
kdelibs security update

Source: CCN
Type: RHSA-2004-075
Updated kdelibs packages resolve cookie security issue

Source: CCN
Type: RHSA-2004-110
mozilla security update

Source: CCN
Type: RHSA-2004-112
Updated Mozilla packages fix security issues

Source: CCN
Type: SA9680
Multiple Browser Cookie Path Directory Traversal Vulnerability

Source: CCN
Type: SECTRACK ID: 1010121
(HP Issues Fix for HP-UX) Mozilla Cookie Path Restrictions Can Be Bypassed By Remote Servers

Source: CCN
Type: CIAC Information Bulletin 0-106
Mozilla 1.4.2 Vulnerabilities

Source: DEBIAN
Type: DSA-459
kdelibs -- cookie path traversal

Source: CCN
Type: SCO Security Advisory SCOSA-2004.8
OpenServer 5.0.7 : Mozilla Multiple issues

Source: CCN
Type: OSVDB ID: 4186
Microsoft IE Cookie Path Traversal

Source: CCN
Type: OSVDB ID: 4187
Apple Safari Cookie Path Traversal Information Disclosure

Source: CCN
Type: OSVDB ID: 4189
Opera Cookie Path Traversal

Source: CCN
Type: BID-9323
Mozilla Browser Cookie Path Restriction Bypass Vulnerability

Source: CCN
Type: BID-9330
Mozilla URI Sub-Directory Arbitrary Cookie Access Vulnerability

Source: CCN
Type: BID-9841
Multiple Vendor Internet Browser Cookie Path Argument Restriction Bypass Vulnerability

Source: XF
Type: UNKNOWN
web-browser-cookie-bypass(15424)

Source: SUSE
Type: SUSE-SA:2004:007
openssl: remote denial-of-service

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:*:*:*:*:*:*:*:*
  • OR cpe:/a:kde:konqueror_embedded:*:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:*:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    apple safari 1.0
    apple safari 1.1
    opera opera browser *
    microsoft ie *
    mozilla mozilla *
    kde konqueror embedded *
    kde kde *
    apple safari *
    suse suse linux database server *
    suse suse linux connectivity server *
    debian debian linux 3.0
    suse suse linux office server *
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    redhat enterprise linux 2.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2