Vulnerabilities > CVE-2004-1527

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

NVD

Published: 2004-12-31

Updated: 2021-07-23

Summary

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft IE 6.0 Microsoft Internet Explorer 6.0	2

References

http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html
http://www.securityfocus.com/bid/11680
http://secunia.com/advisories/13208
http://marc.info/?l=bugtraq&m=110053968530613&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18073

Vulnerabilities > CVE-2004-1527 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-1527"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2004-1527