CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

Percentile: 74.0%

Konqueror can associate a cookie with multiple domains when the DNS
resolver has a non-root domain in its search list, which allows remote
attackers to trick a user into accepting a cookie for a hostname formed via
search-list expansion of the hostname entered by the user, or steal a
cookie for an expanded hostname, as demonstrated by an attacker who
operates an ap1.com Internet web site to steal cookies associated with an
ap1.com.example.com intranet web site.
Author | Note |
---|---|
kees | Not fixed upstream, negligible. |