|
|
Multiple Browser Cross-Domain Cookie Injection Vulnerability
|
Bugtraq ID:
|
11186
|
|
Class:
|
Design Error
|
|
CVE:
|
CVE-2004-0746
CVE-2004-0866
CVE-2004-0867
CVE-2004-0868
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Sep 15 2004 12:00AM
|
|
Updated:
|
Jul 12 2009 07:06AM
|
|
Credit:
|
Discovery is credited to Paul Johnston <paul@westpoint.ltd.uk>.
|
|
Vulnerable:
|
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
Mozilla Firefox 0.9.2
Microsoft Internet Explorer 6.0 SP2 - do not use
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
KDE Konqueror 3.2.3
KDE Konqueror 3.2.1
KDE Konqueror 3.1.5
KDE Konqueror 3.1.4
KDE Konqueror 3.1.3
KDE Konqueror 3.1.2
+
KDE KDE 3.1.2
KDE Konqueror 3.1.1
+
KDE KDE 3.1.1
KDE Konqueror 3.1
+
MandrakeSoft Linux Mandrake 9.1 ppc
+
MandrakeSoft Linux Mandrake 9.1
+
MandrakeSoft Linux Mandrake 9.1
KDE Konqueror 3.0.5 b
KDE Konqueror 3.0.5
+
MandrakeSoft Corporate Server 2.1
+
MandrakeSoft Linux Mandrake 9.0
+
MandrakeSoft Linux Mandrake 9.0
KDE Konqueror 3.0.3
+
KDE KDE 3.0.3
KDE Konqueror 3.0.2
+
KDE KDE 3.0.2
KDE Konqueror 3.0.1
+
KDE KDE 3.0.1
KDE Konqueror 3.0
+
KDE KDE 3.0
KDE Konqueror 2.2.2
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
Debian Linux 3.0
+
RedHat Enterprise Linux AS 2.1 IA64
+
RedHat Enterprise Linux AS 2.1
+
RedHat Enterprise Linux ES 2.1 IA64
+
RedHat Enterprise Linux ES 2.1
+
RedHat Enterprise Linux WS 2.1 IA64
+
RedHat Enterprise Linux WS 2.1
+
RedHat Linux Advanced Work Station 2.1
+
Turbolinux Turbolinux Server 8.0
+
Turbolinux Turbolinux Server 7.0
+
Turbolinux Turbolinux Workstation 8.0
+
Turbolinux Turbolinux Workstation 7.0
KDE Konqueror 2.2.1
KDE Konqueror 2.1.2
KDE Konqueror 2.1.1
|
|
|
|
Not Vulnerable:
|
KDE Konqueror 3.3
|
|
|
