CVE-2003-0594

Severity

75%

Complexity

99%

Confidentiality

106%

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla Mozilla

First reported 20 years ago

2004-04-15 04:00:00

Last updated 7 years ago

2017-10-11 01:29:00

Affected Software

Mozilla Mozilla 1.0

1.0

Mozilla Mozilla Browser 1.0.1

1.0.1

Mozilla Mozilla Browser 1.0.2

1.0.2

Mozilla Mozilla 1.1

1.1

Mozilla Mozilla Browser 1.1 Alpha

1.1

Mozilla Mozilla Browser 1.1 Beta

1.1

Mozilla Mozilla 1.2

1.2

Mozilla Mozilla Browser 1.2 Alpha

1.2

Mozilla Mozilla Browser 1.2 Beta

1.2

Mozilla Mozilla Browser 1.2.1

1.2.1

Mozilla Mozilla 1.3

1.3

Mozilla Mozilla Browser 1.3.1

1.3.1

Mozilla Mozilla 1.4

1.4

Mozilla Mozilla 1.4.1

1.4.1

Mozilla Mozilla Browser 1.4.2

1.4.2

References

20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue

Exploit, Vendor Advisory

20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue

MDKSA-2004:021

RHSA-2004:112

oval:org.mitre.oval:def:873

oval:org.mitre.oval:def:917

oval:org.mitre.oval:def:9826

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.