Back to search
CVE-2003-0592
Published: Mar 16, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
mailing-list
x_refsource_FULLDISC
20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue
mailing-list
x_refsource_VULNWATCH
DSA-459
vendor-advisory
x_refsource_DEBIAN
oval:org.mitre.oval:def:823
vdb-entry
signature
x_refsource_OVAL
RHSA-2004:074
vendor-advisory
x_refsource_REDHAT
MDKSA-2004:022
vendor-advisory
x_refsource_MANDRAKE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now