Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-3170
Last Modified: 07 Mar 2011 10:10:19
Published: 14 Jul 2008 07:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-3170

Summary

Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.

Vulnerable Systems

Application

  • Apple Safari


References

CERT - TA08-350A

XF - safari-domains-session-hijacking(43839)

VUPEN - ADV-2008-3444

SECTRACK - 1020539

BID - 30192

CONFIRM - http://support.apple.com/kb/HT3338

SECUNIA - 31128

APPLE - APPLE-SA-2008-12-15

MISC - http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html

Related Patches

Apple 2008-12-15 Security Update 2008-008 (Client PPC)

Apple 2008-12-15 Security Update 2008-008 Server (PPC)

Apple 2008-12-15 Security Update 2008-008 Server (Intel)

Apple 2008-12-15 Mac OS X Server 10.5.6 Combo Update

Apple 2008-12-15 Mac OS X 10.5.6 Combo Update

Apple 2008-12-15 Mac OS X 10.5.6 Update

Apple 2008-12-15 Security Update 2008-008 (Client Intel)

Apple 2008-12-15 Mac OS X Server 10.5.6 Update


Last Updated: 27 May 2016 10:48:06