CVE-2004-0746 Information

Description

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains such as .ltd.uk .plc.uk and .firm.in which could allow remote attackers to perform a session fixation attack and hijack a user’s HTTP session.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109327681304401&w=2 http://secunia.com/advisories/12341 http://www.kde.org/info/security/advisory-20040823-1.txt http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086 http://www.securityfocus.com/bid/10991 https://exchange.xforce.ibmcloud.com/vulnerabilities/17063 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11281