CVE-2005-4684

Konqueror - Cookie Domain Spoofing via DNS Search List Expansion

Title source: llm

Description

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15331

Third Party Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25291

Scores

EPSS 0.0034

EPSS Percentile 56.5%

Details

Status published

Products (23)

kde/konqueror 0.1

kde/konqueror 2.1.1

kde/konqueror 2.1.2

kde/konqueror 2.2.1

kde/konqueror 2.2.2

kde/konqueror 3.0

kde/konqueror 3.0.1

kde/konqueror 3.0.2

kde/konqueror 3.0.3

kde/konqueror 3.0.5

... and 13 more

Published Dec 31, 2005

Tracked Since Feb 18, 2026