CVE-2013-6166
Published: Feb 15, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- [oss-security] 20131017 Re: browser document.cookie DoS vulnerability (mailing-list, x_refsource_MLIST)
- [oss-security] 20131016 Re: browser document.cookie DoS vulnerability (mailing-list, x_refsource_MLIST)
- [oss-security] 20130403 browser document.cookie DoS vulnerability (mailing-list, x_refsource_MLIST)
- http://redmine.lighttpd.net/issues/2188 (x_refsource_MISC)
- https://code.google.com/p/chromium/issues/detail?id=238041 (x_refsource_CONFIRM)