CVE-2005-4684
3 documents3 sources
Severity
6.4MEDIUM
EPSS
0.3%
top 43.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 31
Latest updateMay 1
Description
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
CVSS vector
AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-76ww-rw5h-92jq: Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers t↗2022-05-01
CVEList▶
CVE-2005-4684: Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers t↗2006-02-01