fkie_nvd - fkie_cve-2004-0867

fkie_cve-2004-0867

Vulnerability from fkie_nvd

Published

2004-12-23 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

References

URL	Tags
cve@mitre.org	http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=109536612321898&w=2
cve@mitre.org	http://secunia.com/advisories/12580/
cve@mitre.org	http://securitytracker.com/id?1011331
cve@mitre.org	http://www.securityfocus.com/bid/11186	Vendor Advisory
cve@mitre.org	https://bugzilla.mozilla.org/show_bug.cgi?id=252342
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17415
af854a3a-2127-422b-91ae-364da2661108	http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109536612321898&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/12580/
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1011331
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11186	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=252342
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17415

Impacted products

Vendor	Product	Version
kde	konqueror	2.1.1
kde	konqueror	2.1.2
kde	konqueror	2.2.1
kde	konqueror	2.2.2
kde	konqueror	3.0
kde	konqueror	3.0.1
kde	konqueror	3.0.2
kde	konqueror	3.0.3
kde	konqueror	3.0.5
kde	konqueror	3.0.5b
kde	konqueror	3.1
kde	konqueror	3.1.1
kde	konqueror	3.1.2
kde	konqueror	3.1.3
kde	konqueror	3.1.4
kde	konqueror	3.1.5
kde	konqueror	3.2.1
kde	konqueror	3.2.3
microsoft	ie	6.0
microsoft	ie	6.0
microsoft	internet_explorer	6.0
mozilla	firefox	0.9.2
suse	suse_linux	1.0
suse	suse_linux	8
suse	suse_linux	8.1
suse	suse_linux	8.2
suse	suse_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session.  NOTE: it was later reported that 2.x is also affected."
    },
    {
      "lang": "es",
      "value": "Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como .ltd.uk, .plc.uk, y .sch.uk, lo que podr\u00eda permitir a atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versi\u00f3n 2.X tambi\u00e9n se encuentra afectada por esta vulnerabilidad."
    }
  ],
  "id": "CVE-2004-0867",
  "lastModified": "2024-11-20T23:49:34.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-23T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12580/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1011331"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11186"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12580/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1011331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=252342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-0867

Vulnerability from cvelistv5

Published

2004-09-24 04:00

Modified

2024-08-08 00:31