Vulnerability Name:

CVE-2007-1362 (CCN-34613)

Assigned:2007-05-31
Published:2007-05-31
Updated:2018-10-16
Summary:Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2007-1362

Source: HP
Type: UNKNOWN
HPSBUX02153

Source: OSVDB
Type: UNKNOWN
35140

Source: CCN
Type: RHSA-2007-0400
Critical: firefox security update

Source: CCN
Type: RHSA-2007-0401
Critical: thunderbird security update

Source: CCN
Type: RHSA-2007-0402
Critical: seamonkey security update

Source: SECUNIA
Type: UNKNOWN
25476

Source: SECUNIA
Type: UNKNOWN
25490

Source: SECUNIA
Type: UNKNOWN
25533

Source: SECUNIA
Type: UNKNOWN
25534

Source: SECUNIA
Type: UNKNOWN
25559

Source: SECUNIA
Type: UNKNOWN
25635

Source: SECUNIA
Type: UNKNOWN
25647

Source: SECUNIA
Type: UNKNOWN
25685

Source: SECUNIA
Type: UNKNOWN
25750

Source: SECUNIA
Type: UNKNOWN
25858

Source: GENTOO
Type: UNKNOWN
GLSA-200706-06

Source: CCN
Type: SECTRACK ID: 1018162
Mozilla Seamonkey Lets Remote Users Set Cookie Values to Deny Service

Source: CCN
Type: SECTRACK ID: 1018163
Mozilla Firefox Lets Remote Users Set Cookie Values to Deny Service

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-152-02

Source: CCN
Type: ASA-2007-218
thunderbird security update (RHSA-2007-0401)

Source: CCN
Type: ASA-2007-291
Firefox security update (RHSA-2007-0400)

Source: CCN
Type: ASA-2007-295
SeaMonkey security update (RHSA-2007-0402)

Source: CCN
Type: ASA-2008-008
Multiple Security Vulnerabilities in Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary Code and Access to Unauthorized Data (Sun 103177)

Source: DEBIAN
Type: UNKNOWN
DSA-1300

Source: DEBIAN
Type: UNKNOWN
DSA-1306

Source: DEBIAN
Type: UNKNOWN
DSA-1308

Source: DEBIAN
Type: DSA-1300
iceape -- several vulnerabilities

Source: DEBIAN
Type: DSA-1306
xulrunner -- several vulnerabilities

Source: DEBIAN
Type: DSA-1308
iceweasel -- several vulnerabilities

Source: CCN
Type: GLSA-200706-06
Mozilla products: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:120

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:126

Source: CCN
Type: MFSA 2007-14
Path Abuse in Cookies

Source: CONFIRM
Type: Patch
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html

Source: CCN
Type: MFSA 2007-32
File input focus stealing vulnerability

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:036

Source: OSVDB
Type: UNKNOWN
35139

Source: CCN
Type: OSVDB ID: 35139
Mozilla Multiple Browser Cookie Path Data DoS

Source: CCN
Type: OSVDB ID: 35140
Mozilla Multiple Browser Cross Policy Cookie Handling Weakness

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0400

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0401

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0402

Source: BUGTRAQ
Type: UNKNOWN
20070531 FLEA-2007-0023-1: firefox

Source: BID
Type: UNKNOWN
22879

Source: CCN
Type: BID-22879
Mozilla Firefox Document.Cookie Path Argument Denial of Service Vulnerability

Source: BID
Type: UNKNOWN
24242

Source: CCN
Type: BID-24242
Mozilla Products Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018162

Source: SECTRACK
Type: UNKNOWN
1018163

Source: CCN
Type: USN-468-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-468-1

Source: CERT
Type: US Government Resource
TA07-151A

Source: VUPEN
Type: UNKNOWN
ADV-2007-1994

Source: XF
Type: UNKNOWN
mozilla-doccookie-dos(34613)

Source: XF
Type: UNKNOWN
mozilla-doccookie-dos(34613)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1424

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10759

Source: SUSE
Type: SUSE-SA:2007:036
Mozilla security updates

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 10:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20071362
    V
    		CVE-2007-1362
    2015-11-16
    oval:org.mitre.oval:def:18785
    P
    		DSA-1300-1 iceape
    2014-06-23
    oval:org.mitre.oval:def:18918
    P
    		DSA-1306-1 xulrunner
    2014-06-23
    oval:org.mitre.oval:def:18949
    P
    		DSA-1308-1 iceweasel - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:22350
    P
    		ELSA-2007:0401: thunderbird security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22347
    P
    		ELSA-2007:0400: firefox security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:10759
    V
    		Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
    2013-04-29
    oval:org.debian:def:1308
    V
    		several vulnerabilities
    2007-06-14
    oval:org.debian:def:1306
    V
    		several vulnerabilities
    2007-06-12
    oval:org.debian:def:1300
    V
    		several vulnerabilities
    2007-06-07
    oval:com.redhat.rhsa:def:20070400
    P
    		RHSA-2007:0400: firefox security update (Critical)
    2007-05-31
    oval:com.redhat.rhsa:def:20070401
    P
    		RHSA-2007:0401: thunderbird security update (Critical)
    2007-05-31
    oval:com.redhat.rhsa:def:20070402
    P
    		RHSA-2007:0402: seamonkey security update (Critical)
    2007-05-31
    BACK
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla firefox 1.5.0.8
    mozilla firefox 1.5.0.9
    mozilla firefox 1.5.0.10
    mozilla firefox 1.5.0.11
    mozilla firefox 1.5.1
    mozilla firefox 1.5.2
    mozilla firefox 1.5.3
    mozilla firefox 1.5.4
    mozilla firefox 1.5.5
    mozilla firefox 1.5.6
    mozilla firefox 1.5.7
    mozilla firefox 1.5.8
    mozilla firefox 2.0
    mozilla firefox 2.0.0.1
    mozilla firefox 2.0.0.2
    mozilla firefox 2.0.0.3
    mozilla seamonkey 1.0.9
    mozilla seamonkey 1.1.2
    mozilla firefox 2.0
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla firefox 1.5.0.9
    mozilla firefox 2.0.0.1
    mozilla firefox 2.0.0.2
    mozilla firefox 2.0.0.3
    mozilla seamonkey 1.1.2
    mozilla seamonkey 1.0.9
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.10
    mozilla firefox 1.5.0.11
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.8
    mozilla firefox 1.5.1
    mozilla firefox 1.5.2
    mozilla firefox 1.5.3
    mozilla firefox 1.5.4
    mozilla firefox 1.5.5
    mozilla firefox 1.5.6
    mozilla firefox 1.5.7
    mozilla firefox 1.5.8
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    novell open enterprise server *
    novell opensuse 10.2