|
Microsoft Internet Explorer Cookie Path Attribute Vulnerability
|
|
Secunia Advisory:
|
SA13208
|
|
|
Release Date:
|
2004-11-17
|
|
Last Update:
|
2005-02-21
|
|
Popularity:
|
33,982 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Hijacking
|
|
Where:
|
From remote
|
|
Solution Status:
|
Partial Fix
|
|
| Software: | Microsoft Internet Explorer 6.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Keigo Yamazaki has reported a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.
The vulnerability is caused due to a validation error in the handling of the path attribute when accepting cookies. This can potentially be exploited by a malicious website, if the trusted site supports wildcard domains or the domain name contains the malicious sites domain, using a specially crafted path attribute to overwrite cookies for the trusted site.
The vulnerability has been reported in Internet Explorer 6.0 SP1 on Microsoft Windows XP SP1. Microsoft Windows XP SP2 is reportedly not affected.
Note: Successful exploitation also requires that the trusted site handles cookies and authentication in an inappropriate or insecure manner.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
