Vulnerability Name: | CVE-2004-0866 (CCN-17415) |
Assigned: | 2004-09-16 |
Published: | 2004-09-16 |
Updated: | 2021-07-23 |
Summary: | Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2004-0866
Source: MITRE Type: CNA CVE-2004-0867
Source: BUGTRAQ Type: UNKNOWN 20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities
Source: CCN Type: SA12580 Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability
Source: CCN Type: SECTRACK ID: 1011331 Firefox Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
Source: CCN Type: SECTRACK ID: 1011332 Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
Source: SECTRACK Type: Vendor Advisory 1011332
Source: CCN Type: OSVDB ID: 48818 Microsoft IE Top Level Domain Cross-Domain Cookie Fixation
Source: BID Type: Patch, Vendor Advisory 11186
Source: CCN Type: BID-11186 Multiple Browser Cross-Domain Cookie Injection Vulnerability
Source: CCN Type: Westpoint Security Advisory wp-04-0001 Multiple Browser Cookie Injection Vulnerabilities
Source: XF Type: UNKNOWN web-browser-session-hijack(17415)
|
Vulnerable Configuration: |
Configuration 1: cpe:/a:kde:konqueror:3.0.2:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.0.3:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.1.4:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.1.5:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.0:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.0.1:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.1.2:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:2.1.1:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:2.1.2:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:2.2.2:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.1.1:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.2.3:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.0.5b:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:2.2.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.2.1:*:*:*:*:*:*:* OR cpe:/a:kde:konqueror:3.0.5:*:*:*:*:*:*:* OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Configuration 2: cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
|