Multiple vendor Web browsers allow an attacker to hijack a user's session
web-browser-session-hijack (17415)
Description:
Multiple vendor Web browsers, including Microsoft Internet Explorer, could allow a remote attacker to set cookies for specific top-level domains (TLDs). By setting a cookie in the victim's Web browser for such a top-level domain, a remote attacker could cause the Web browser to send that cookie when connecting to any Web server within the same domain, which could allow the attacker to hijack the user's session.
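The defensive check that addresses this class of bug is to refuse any cookie whose Domain attribute names a public suffix (a registry-controlled domain such as ltd.uk) rather than a single site. The following is an added example, not code from the X-Force record or from any of the affected browsers; the suffix list is a constructed excerpt (not the full Public Suffix List), and the function names and the sample Set-Cookie headers are assumptions made for illustration.

```python
# Added example (not part of the X-Force record): a defender-side check that
# rejects cookie Domain attributes naming a public suffix such as ltd.uk.
# PUBLIC_SUFFIXES is a constructed excerpt, not the full Public Suffix List.

PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "ltd.uk", "plc.uk", "sch.uk"}


def normalize(domain: str) -> str:
    """Lowercase and strip the leading/trailing dots a Domain attribute may carry."""
    return domain.strip().lower().lstrip(".").rstrip(".")


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """Naive domain-match only: host equals the domain or ends with '.' + domain.
    On its own this accepts Domain=.ltd.uk from evil.ltd.uk, the behaviour the
    advisory describes: every host under ltd.uk would then receive the cookie."""
    host, dom = normalize(request_host), normalize(cookie_domain)
    return host == dom or host.endswith("." + dom)


def is_public_suffix(domain: str, suffixes=PUBLIC_SUFFIXES) -> bool:
    """True when the domain is a registry suffix that no single site owns."""
    return normalize(domain) in suffixes


def cookie_domain_allowed(request_host: str, cookie_domain: str,
                          suffixes=PUBLIC_SUFFIXES) -> bool:
    """Hardened rule: the domain-match must hold AND the domain must not be a
    public suffix. This is the check that blocks the cross-site injection."""
    if not domain_matches(request_host, cookie_domain):
        return False
    return not is_public_suffix(cookie_domain, suffixes)


def parse_set_cookie(header: str) -> dict:
    """Minimal Set-Cookie parser (hypothetical helper): returns the cookie name,
    value and a dict of lowercased attribute names to values."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def should_store(request_host: str, set_cookie_header: str,
                 suffixes=PUBLIC_SUFFIXES) -> bool:
    """Decide whether a user agent should accept a Set-Cookie header received
    from request_host. Cookies without a Domain attribute are host-only and
    are always accepted; domain cookies go through cookie_domain_allowed."""
    cookie = parse_set_cookie(set_cookie_header)
    dom = cookie["attrs"].get("domain")
    if dom is None:
        return True
    return cookie_domain_allowed(request_host, dom, suffixes)


if __name__ == "__main__":
    # Constructed sample headers: the first is the injection pattern from the
    # advisory, the second a legitimate site-scoped cookie.
    print(should_store("evil.ltd.uk", "SESSIONID=attacker; Domain=.ltd.uk; Path=/"))
    print(should_store("www.example.co.uk", "sid=1; Domain=example.co.uk; Path=/"))
```

The naive domain_matches rule is exactly the gap the advisory describes: ltd.uk is a valid suffix of evil.ltd.uk, so a suffix-only comparison accepts it. Keeping the public-suffix test as a separate function makes it easy to swap the constructed list for a full Public Suffix List in a real user agent.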
Platforms Affected:
- Microsoft, Internet Explorer 6
- Mozilla, Firefox 0.9.2
Remedy:
No remedy available as of July 6, 2008.
Consequences:
Gain Access
References:
- Westpoint Security Advisory wp-04-0001, Multiple Browser Cookie Injection Vulnerabilities at http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt .
- BID-11186: Multiple Browser Cross-Domain Cookie Injection Vulnerability
- CVE-2004-0866: Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
- CVE-2004-0867: Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
- SA12580: Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability
- SECTRACK ID: 1011331: Firefox Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
- SECTRACK ID: 1011332: Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
Reported:
Sep 16, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
