Lucene search
MitreCVELIST:CVE-2009-0419HistoryFeb 04, 2009 - 7:00 p.m.
CVE-2009-0419
2009-02-0419:00:00
mitre
www.cve.org
5
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
Related
nvd
nvd
CVE-2009-0419
2009-02-04 19:30:00
CVE-2008-4033
2008-11-12 23:30:02
prion
prion
Design/Logic Flaw
2009-02-04 19:30:00
Cross site scripting
2008-11-12 23:30:00
cve
cve
CVE-2009-0419
2009-02-04 19:30:00
CVE-2008-4033
2008-11-12 23:30:02
seebug
seebug
Microsoft XML Core Services传输编码跨域信息泄露漏洞(MS08-069)
2008-11-13 00:00:00
Microsoft XML Core Services XMLHttpRequest SetCookie2头信息泄露漏洞
2009-02-19 00:00:00
cvelist
cvelist
CVE-2008-4033
2008-11-12 23:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft XML Core Services Chunked Request (MS08-069; CVE-2008-4033)
2008-11-11 00:00:00
openvas
openvas
Microsoft XML Core Service Information Disclosure Vulnerability
2009-02-18 00:00:00
Microsoft XML Core Service Information Disclosure Vulnerability
2009-02-18 00:00:00
Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
2008-11-12 00:00:00
exploitdb
exploitdb
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
2008-11-23 00:00:00
securityvulns
securityvulns
mskb
mskb
nessus
nessus