CVE-2013-6166
Published 2014-02-15
Priority: P4 34
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.86% (76.6th percentile)
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| Google | chrome | <= 28.0.1500.95 | — |
References
http://redmine.lighttpd.net/issues/2188
http://seclists.org/oss-sec/2013/q4/117
http://seclists.org/oss-sec/2013/q4/121
http://www.openwall.com/lists/oss-security/2013/04/03/10
https://code.google.com/p/chromium/issues/detail?id=238041