Vulnerability Details CVE-2004-0870
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://securityfocus.com/archive/1/375407
- http://securitytracker.com/id?1011330
- http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17417
- http://securityfocus.com/archive/1/375407
- http://securitytracker.com/id?1011330
- http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17417
Products affected by CVE-2004-0870
-
cpe:2.3:a:kde:konqueror:2.1.1
-
cpe:2.3:a:kde:konqueror:2.1.2
-
cpe:2.3:a:kde:konqueror:2.2.1
-
cpe:2.3:a:kde:konqueror:2.2.2
-
cpe:2.3:a:kde:konqueror:3.0
-
cpe:2.3:a:kde:konqueror:3.0.1
-
cpe:2.3:a:kde:konqueror:3.0.2
-
cpe:2.3:a:kde:konqueror:3.0.3
-
cpe:2.3:a:kde:konqueror:3.0.5
-
cpe:2.3:a:kde:konqueror:3.0.5b
-
cpe:2.3:a:kde:konqueror:3.1
-
cpe:2.3:a:kde:konqueror:3.1.1
-
cpe:2.3:a:kde:konqueror:3.1.2
-
cpe:2.3:a:kde:konqueror:3.1.3
-
cpe:2.3:a:kde:konqueror:3.1.4
-
cpe:2.3:a:kde:konqueror:3.1.5
-
cpe:2.3:a:kde:konqueror:3.2.1
-
cpe:2.3:a:kde:konqueror:3.2.3