cbcvebase.
CVE-2004-0870
published 2004-09-16

CVE-2004-0870: KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain…

PriorityP415medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.46%
70.2th percentile
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

Affected

18 ranges
VendorProductVersion rangeFixed in
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
kdekonqueror
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.