Back to search
CVE-2008-6059
Published: Feb 5, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugs.webkit.org/show_bug.cgi?id=10957
x_refsource_CONFIRM
http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp
x_refsource_CONFIRM
33804
vdb-entry
x_refsource_BID
webkit-xmlhttprequest-info-disclosure(48575)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now