KDE Konqueror Cookie Domain Validation Vulnerability

It is reported that Konqueror is susceptible to a vulnerability while validating cookie domains, allowing web servers to receive potentially sensitive cookie data not intended for them.

This vulnerability presents itself when Konqueror allows a web site to set a cookie with domain restrictions containing certain country-specific top-level domains.

Attackers may exploit this vulnerability to inject cookie data into the domains of third party web servers. This may allow for denial of service attacks against other web services, by injecting invalid or conflicting cookie data. Other attacks are also likely possible, depending on the design of targeted web services.

Further details are unknown at this time. This BID will be updated as further information is disclosed.


 

Privacy Statement
Copyright 2010, SecurityFocus