Back to search
CVE-2009-0419
Published: Feb 4, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
msxml-httponly-cookie-information-disclosure(48815)
vdb-entry
x_refsource_XF
https://bugzilla.mozilla.org/show_bug.cgi?id=380418
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now