fkie_nvd - fkie_cve-2004-0746

fkie_cve-2004-0746

Vulnerability from fkie_nvd

Published

2004-10-20 04:00

Modified

2024-11-20 23:49

Severity ?

Summary

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
cve@mitre.org	http://marc.info/?l=bugtraq&m=109327681304401&w=2
cve@mitre.org	http://secunia.com/advisories/12341
cve@mitre.org	http://www.kde.org/info/security/advisory-20040823-1.txt
cve@mitre.org	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
cve@mitre.org	http://www.securityfocus.com/bid/10991	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109327681304401&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12341
af854a3a-2127-422b-91ae-364da2661108	http://www.kde.org/info/security/advisory-20040823-1.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10991	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17063
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281

Impacted products

Vendor	Product	Version
kde	konqueror	3.0
kde	konqueror	3.0.1
kde	konqueror	3.0.2
kde	konqueror	3.0.3
kde	konqueror	3.0.5
kde	konqueror	3.0.5b
kde	konqueror	3.1
kde	konqueror	3.1.1
kde	konqueror	3.1.2
kde	konqueror	3.1.3
kde	konqueror	3.1.5
kde	konqueror	3.2.1
kde	konqueror	3.2.3
gentoo	linux	1.4
kde	kde	3.1.3
kde	kde	3.2
mandrakesoft	mandrake_linux	9.2
mandrakesoft	mandrake_linux	9.2
mandrakesoft	mandrake_linux	10.0
mandrakesoft	mandrake_linux	10.0
suse	suse_linux	8
suse	suse_linux	8.1
suse	suse_linux	8.2
suse	suse_linux	9.0
suse	suse_linux	9.0
suse	suse_linux	9.0
suse	suse_linux	9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3096F2-B0F1-45E1-806D-6434DE56619A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F69843-978D-4686-BC5B-1D09DA4A21BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
    },
    {
      "lang": "es",
      "value": "Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como ltd.uk o com.es, lo que podr\u00eda permitir a atacantes remotos realizar un ataque de fijaci\u00f3n de sesi\u00f3n y secuestrar una sesi\u00f3n HTTP de un usuario."
    }
  ],
  "id": "CVE-2004-0746",
  "lastModified": "2024-11-20T23:49:18.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000864"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109327681304401\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12341"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kde.org/info/security/advisory-20040823-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10991"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17063"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109327681304401\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kde.org/info/security/advisory-20040823-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-0746

Vulnerability from cvelistv5

Published

2004-09-14 04:00

Modified

2024-08-08 00:31