CVE-2002-1152 - Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, whi

CVE-2002-1152

Summary

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

References

Vulnerable Configurations

cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*
cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:24)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2002:220

refmap via4

bid	5691
bugtraq	20020910 KDE Security Advisory: Secure Cookie Vulnerability
confirm	http://www.kde.org/info/security/advisory-20020908-1.txt
xf	kde-konqueror-cookie-hijacking(10083)

Last major update

18-10-2016 - 02:24

Published

11-10-2002 - 04:00

Last modified

18-10-2016 - 02:24