Multiple Browser Cookie Path Directory Traversal Vulnerability

Mar 10, 2004 12:31AM PST

Critical: Less critical
Impact: Security Bypass
Where: From remote

Software: KDE 2.x
KDE 3.x
Konqueror 3.x
Konqueror Embedded
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Thunderbird 0.x
Opera 5.x
Opera 6.x
Opera 7.x
Safari 1.x

CVE reference: CAN-2003-0513, CAN-2003-0514, CAN-2003-0592, CAN-2003-0593, CAN-2003-0594

Description:
Corsaire has discovered a vulnerability in multiple vendors' browsers, which can be exploited by malicious people to bypass certain cookie restrictions.

A website can use a path argument for cookies in order to restrict the areas of the website to which a cookie applies and to which its information is therefore exposed.

More: http://secunia.com/advisories/9680/
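
Added example, not part of the original post or the advisory: a sketch of the cookie path check described above, comparing the request path as received with the same path after canonicalisation. It assumes the "directory traversal" in the title refers to ".." segments in the request path (the post gives no details); the function names and sample paths are constructed for illustration.

```javascript
// Added example: Path matching for cookies on a canonicalised request path.
// All names and sample paths below are constructed for illustration.

// Percent-decode once, then resolve "." and ".." segments, so the comparison
// uses the location the server will actually serve.
function canonicalPath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed escape sequence: treated as "no match"
  }
  const out = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  // Keep a trailing slash when the input named a directory.
  const dir = out.length > 0 && /\/(\.{1,2})?$/.test(decoded);
  return "/" + out.join("/") + (dir ? "/" : "");
}

// Path-match rule from RFC 6265 section 5.1.4: equal, or cookiePath is a
// prefix that ends at a "/" boundary of the request path.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decide whether a cookie scoped to cookiePath accompanies a request.
function cookieSent(cookiePath, rawRequestPath, canonicalise) {
  const p = canonicalise ? canonicalPath(rawRequestPath) : rawRequestPath;
  return p !== null && pathMatch(p, cookiePath);
}

const samples = ["/secure/account", "/secure/../public/page",
                 "/secure/%2e%2e/public/page", "/securezone/x"];
for (const s of samples) {
  console.log(s, "raw:", cookieSent("/secure", s, false),
              "canonical:", cookieSent("/secure", s, true));
}
```

A prefix comparison on the raw string accepts the two paths that leave /secure, while the canonicalised comparison rejects them; the sketch decodes only one layer of percent-encoding.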
