Vulnerability Name: | CVE-2004-0869 (CCN-17417) | ||||||||
Assigned: | 2004-09-16 | ||||||||
Published: | 2004-09-16 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-0869 Source: MITRE Type: CNA CVE-2004-0870 Source: MITRE Type: CNA CVE-2004-0871 Source: MITRE Type: CNA CVE-2004-0872 Source: BUGTRAQ Type: Vendor Advisory 20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities Source: CCN Type: SECTRACK ID: 1011329 Opera Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks Source: CCN Type: SECTRACK ID: 1011330 Konqueror Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks Source: CCN Type: SECTRACK ID: 1011331 Firefox Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks Source: CCN Type: SECTRACK ID: 1011332 Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks Source: SECTRACK Type: UNKNOWN 1011332 Source: CCN Type: OSVDB ID: 10003 Multiple Browser Cross Security Boundary Cookie Injection Source: CCN Type: Westpoint Security Advisory wp-04-0001 Multiple Browser Cookie Injection Vulnerabilities Source: MISC Type: Exploit, Vendor Advisory http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt Source: XF Type: UNKNOWN web-browser-cookie-session-hijack(17417) Source: XF Type: UNKNOWN web-browser-cookie-session-hijack(17417) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |