fkie_nvd - fkie_cve-2004-0866

fkie_cve-2004-0866

Vulnerability from fkie_nvd

Published

2004-09-16 04:00

Modified

2025-04-03 01:03

Severity ?

Summary

Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=109536612321898&w=2
cve@mitre.org	http://securitytracker.com/id?1011332	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/11186	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17415
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=109536612321898&w=2
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1011332	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11186	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17415

Impacted products

Vendor	Product	Version
kde	konqueror	2.1.1
kde	konqueror	2.1.2
kde	konqueror	2.2.1
kde	konqueror	2.2.2
kde	konqueror	3.0
kde	konqueror	3.0.1
kde	konqueror	3.0.2
kde	konqueror	3.0.3
kde	konqueror	3.0.5
kde	konqueror	3.0.5b
kde	konqueror	3.1
kde	konqueror	3.1.1
kde	konqueror	3.1.2
kde	konqueror	3.1.3
kde	konqueror	3.1.4
kde	konqueror	3.1.5
kde	konqueror	3.2.1
kde	konqueror	3.2.3
microsoft	ie	6.0
microsoft	ie	6.0
microsoft	internet_explorer	6.0
mozilla	firefox	0.9.2
suse	suse_linux	1.0
suse	suse_linux	8
suse	suse_linux	8.1
suse	suse_linux	8.2
suse	suse_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "417F34FB-A6B0-4090-BDC9-6D4C1BF0D3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61416A22-7309-4890-80B8-6E7C09C7BE8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F918814C-F129-4534-921A-38AF678A7016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FED2DFC-592C-4FD3-B0B7-C670C78F56DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC65385-B190-44BE-9AF8-B14F48303046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F7BAE27-7AB1-4DBD-98AD-6109F0D9A458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8A54F6-96A9-44B8-97C8-50DA7276708D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1001754B-8EDB-41A2-9D5D-6E2A2B556DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D57D87-3E6A-4A73-85BA-EE679E9DA8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BE888B-FE26-4378-B853-29995A55920C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E4FC9B-F47C-4BD5-B2C7-23CBAD2D5488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0172B167-5780-4F80-ACC9-2FB8B60D6717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0DB31D-D075-409C-9ED9-A9E1D96332CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session."
    }
  ],
  "id": "CVE-2004-0866",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-09-16T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1011332"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11186"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109536612321898\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1011332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17415"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2004-0866 (GCVE-0-2004-0866)

Vulnerability from cvelistv5

Published

2005-02-13 05:00