Multiple Browser Cross-Domain Cookie Injection Vulnerability

Bugtraq ID: 11186
Class: Design Error
CVE: CVE-2004-0746
CVE-2004-0866
CVE-2004-0867
CVE-2004-0868
Remote: Yes
Local: No
Published: Sep 15 2004 12:00AM
Updated: Jul 12 2009 07:06AM
Credit: Discovery is credited to Paul Johnston <paul@westpoint.ltd.uk>.
Vulnerable: SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE Linux Desktop 1.0
SuSE Linux 8.1
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Mozilla Firefox 0.9.2
Microsoft Internet Explorer 6.0 SP2 - do not use
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
KDE Konqueror 3.2.3
KDE Konqueror 3.2.1
KDE Konqueror 3.1.5
KDE Konqueror 3.1.4
KDE Konqueror 3.1.3
KDE Konqueror 3.1.2
+ KDE KDE 3.1.2
KDE Konqueror 3.1.1
+ KDE KDE 3.1.1
KDE Konqueror 3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.1
KDE Konqueror 3.0.5 b
KDE Konqueror 3.0.5
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
KDE Konqueror 3.0.3
+ KDE KDE 3.0.3
KDE Konqueror 3.0.2
+ KDE KDE 3.0.2
KDE Konqueror 3.0.1
+ KDE KDE 3.0.1
KDE Konqueror 3.0
+ KDE KDE 3.0
KDE Konqueror 2.2.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Redhat Enterprise Linux AS 2.1 IA64
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1 IA64
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1 IA64
+ Redhat Enterprise Linux WS 2.1
+ Redhat Linux Advanced Work Station 2.1
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
KDE Konqueror 2.2.1
KDE Konqueror 2.1.2
KDE Konqueror 2.1.1
Not Vulnerable: KDE Konqueror 3.3


 

Privacy Statement
Copyright 2010, SecurityFocus