Vulnerabilities > CVE-2005-4684 - Unspecified vulnerability in KDE Konqueror
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
Vulnerable Configurations
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html
- http://www.securityfocus.com/bid/15331
- http://www.securityfocus.com/bid/15331
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25291
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25291