CVE-2003-0514
Apple Safari - Cookie Access Restriction Bypass via URL-Encoded Directory Traversal
Exploitation Summary
EIP tracks 1 public exploit for CVE-2003-0514. PoCs published by Corsaire Limited.
AI-analyzed exploit summary: The exploit describes a cookie path restriction bypass affecting web browsers from multiple vendors, caused by improper sanitization of encoded URI content. An attacker can craft a URI containing encoded directory traversal sequences to access path-exclusive cookies from an alternate path.
Description
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
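The mismatch described above, modelled as an added example (not Safari's code and not part of the original entry): a cookie path check on the raw request path beside one that decodes and resolves the path before comparing. The paths `/app1/` and `/app2/` and all function names are constructed for illustration, and the hardened check assumes the server decodes `%2e%2e` before resolving the path.

```javascript
// Added illustration: a model of the path check, not code from any browser.
// Paths /app1/ and /app2/ and all function names are constructed.

// Flawed model: prefix match on the raw, still-encoded request path.
function naivePathMatch(cookiePath, rawRequestPath) {
  return rawRequestPath.startsWith(cookiePath);
}

// Decode percent-escapes until stable (bounded), then resolve "." and ".."
// segments, giving the path a decoding server would resolve.
function canonicalPath(rawPath) {
  let path = rawPath;
  for (let i = 0; i < 4; i++) {
    let next;
    try {
      next = decodeURIComponent(path);
    } catch (e) {
      return null; // malformed escape: refuse to match
    }
    if (next === path) {
      const out = [];
      for (const seg of path.split("/")) {
        if (seg === "" || seg === ".") continue;
        if (seg === "..") out.pop();
        else out.push(seg);
      }
      return "/" + out.join("/");
    }
    path = next;
  }
  return null; // still changing after repeated decoding: refuse to match
}

// Hardened model: compare canonical forms on a segment boundary.
function hardenedPathMatch(cookiePath, rawRequestPath) {
  const cp = canonicalPath(cookiePath);
  const req = canonicalPath(rawRequestPath);
  if (cp === null || req === null) return false;
  if (cp === "/") return true;
  return req === cp || req.startsWith(cp + "/");
}

// Constructed request: raw path begins with /app1/ but resolves under /app2/.
const crafted = "/app1/%2e%2e/app2/page";
console.log(naivePathMatch("/app1/", crafted));    // cookie would be sent
console.log(hardenedPathMatch("/app1/", crafted)); // cookie withheld
```

On the server side, the same canonicalization can be applied to logged request paths to flag requests whose raw path and resolved path fall under different applications.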