CVE-2004-0870

KDE Konqueror - Cross-Security Boundary Cookie Injection

Title source: llm

Description

KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

References (4)

Core 4

Core References

Vendor Advisory mailing-list x_refsource_bugtraq

http://securityfocus.com/archive/1/375407

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1011330

Vendor Advisory x_refsource_misc

http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17417

Scores

EPSS 0.0082

EPSS Percentile 74.7%

Details

Status published

Products (18)

kde/konqueror 2.1.1

kde/konqueror 2.1.2

kde/konqueror 2.2.1

kde/konqueror 2.2.2

kde/konqueror 3.0

kde/konqueror 3.0.1

kde/konqueror 3.0.2

kde/konqueror 3.0.3

kde/konqueror 3.0.5

kde/konqueror 3.0.5b

... and 8 more

Published Sep 16, 2004

Tracked Since Feb 18, 2026