5

CVE-2004-0870

KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKonqueror Version2.1.1
KdeKonqueror Version2.1.2
KdeKonqueror Version2.2.1
KdeKonqueror Version2.2.2
KdeKonqueror Version3.0
KdeKonqueror Version3.0.1
KdeKonqueror Version3.0.2
KdeKonqueror Version3.0.3
KdeKonqueror Version3.0.5
KdeKonqueror Version3.0.5b
KdeKonqueror Version3.1
KdeKonqueror Version3.1.1
KdeKonqueror Version3.1.2
KdeKonqueror Version3.1.3
KdeKonqueror Version3.1.4
KdeKonqueror Version3.1.5
KdeKonqueror Version3.2.1
KdeKonqueror Version3.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.46% 0.701
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securityfocus.com/archive/1/375407
Vendor Advisory
http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17417
http://securitytracker.com/id?1011330