Multiple vendor Web browsers non-secure cookie hijack session
web-browser-cookie-session-hijack (17417)
Description:
Multiple vendor Web browsers, including Microsoft Internet Explorer, could allow a remote attacker to hijack another user's session. By performing a man-in-the-middle attack or spoofing a connection, a remote attacker could set a non-secure cookie in the victim's Web browser, which would then be sent to a secure server.
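An added example, not part of this X-Force entry or the Westpoint advisory: a minimal Python model of the accept/send decisions a browser cookie jar makes. Secure-attribute handling follows RFC 6265; the `__Secure-`/`__Host-` prefix and "leave Secure cookies alone" rules follow the RFC 6265bis draft, the later standard that closes the HTTP-to-HTTPS injection path described above (the names `Cookie`, `accept`, `send`, `inject` and `demo` are this example's own, and the scenario in `demo` is constructed).

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    secure: bool = False
    path: str = "/"
    domain: Optional[str] = None  # None means a host-only cookie


def accept(cookie: Cookie, scheme: str) -> bool:
    """Should a browser store `cookie` when it arrives in a response over `scheme`?"""
    if cookie.secure and scheme != "https":
        return False  # a Secure cookie may only be set over HTTPS (RFC 6265bis)
    if cookie.name.startswith("__Secure-") and not cookie.secure:
        return False  # __Secure- prefix requires the Secure attribute
    if cookie.name.startswith("__Host-") and not (
        cookie.secure and cookie.path == "/" and cookie.domain is None
    ):
        return False  # __Host- requires Secure, Path=/ and no Domain attribute
    return True


def send(cookie: Cookie, scheme: str) -> bool:
    """Is a stored cookie attached to a request over `scheme`? (RFC 6265 rule)"""
    return scheme == "https" or not cookie.secure


def inject(jar: Dict[str, Cookie], cookie: Cookie, scheme: str) -> Dict[str, Cookie]:
    """Apply one Set-Cookie received over `scheme` to the jar and return the jar."""
    existing = jar.get(cookie.name)
    # "Leave Secure cookies alone": a non-secure origin cannot overwrite a Secure cookie
    if existing is not None and existing.secure and scheme != "https":
        return jar
    if accept(cookie, scheme):
        jar[cookie.name] = cookie
    return jar


def demo() -> Dict[str, Tuple[str, bool]]:
    """Constructed scenario: a legacy session cookie and a __Host- prefixed one,
    each followed by a same-named cookie arriving over plain HTTP."""
    jar: Dict[str, Cookie] = {}
    inject(jar, Cookie("SESSION", "legit"), "https")  # 2004-style: no Secure flag
    inject(jar, Cookie("SESSION", "injected"), "http")  # overwritten and sent to HTTPS
    inject(jar, Cookie("__Host-SID", "legit", secure=True), "https")
    inject(jar, Cookie("__Host-SID", "injected"), "http")  # rejected by the prefix rule
    return {name: (c.value, send(c, "https")) for name, c in jar.items()}
```

The legacy `SESSION` entry shows the behaviour this entry describes: the HTTP-set value replaces the HTTPS-set one and is still sent to the secure server, whereas the prefixed cookie survives the same Set-Cookie untouched.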
Platforms Affected:
- KDE, Konqueror 3.1.4
- Microsoft, Internet Explorer 6
- Mozilla, Firefox 0.9.2
- Opera, Opera 7.51
Remedy:
No remedy available as of June 27, 2009.
Consequences:
Gain Access
References:
- Westpoint Security Advisory wp-04-0001, Multiple Browser Cookie Injection Vulnerabilities at http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt.
- CVE-2004-0869: Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka Cross Security Boundary Cookie Injection.
- CVE-2004-0870: KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka Cross Security Boundary Cookie Injection.
- CVE-2004-0871: Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka Cross Security Boundary Cookie Injection.
- CVE-2004-0872: Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka Cross Security Boundary Cookie Injection.
- SECTRACK ID: 1011329: Opera Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks
- SECTRACK ID: 1011330: Konqueror Bug in Sending Non-Secure Cookies via SSL May Let Remote Users Conduct Session Fixation Attacks
- SECTRACK ID: 1011331: Firefox Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
- SECTRACK ID: 1011332: Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
Reported:
Sep 16, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
