ID: CVE-2003-0592

Last Modified: Oct. 11, 2017

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

NVD-CWE-Other

Condition Configuration
OR
OR
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
Alle Schwachstellen für kde
                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>