Source: Ubuntu.com, UB:CVE-2008-6059
Feb 05, 2009 - 12:00 a.m.

CVE-2008-6059


CVSS2: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.003
Percentile: 70.6%

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly
restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2
HTTP response headers, which allows remote attackers to obtain sensitive
information from cookies via XMLHttpRequest calls, related to the HTTPOnly
protection mechanism.

Notes

Author: mdeslaur
Note: May not be vulnerable, see Debian bug. Upstream patch is Mac and Win only. Version of WebKit in Linux needs libsoup for cookie support.
