CVE-2004-0870

Severity: 5.0 MEDIUM
EPSS: 0.8% (top 25.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16; latest update Apr 29

Description

KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: kde/konqueror, 18 versions

Vulnerability Details (2)

GHSA, 2022-04-29
GHSA-jc7r-7928-5hc3: KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the sam

CVEList, 2005-02-13
CVE-2004-0870: KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the sam