Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0411

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0411
Last Modified 12 Feb 2009 01:57:11
Published 03 Feb 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0411

Summary

Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.

Vulnerable Systems

Application

  • Google Chrome 0.2.152.1

  • Google Chrome 0.2.153.1

  • Google Chrome 0.3.154.0

  • Google Chrome 0.3.154.3

  • Google Chrome 0.4.154.18

  • Google Chrome 0.4.154.22

  • Google Chrome 0.4.154.31

  • Google Chrome 0.4.154.33

  • Google Chrome 1.0.154.36

  • Google Chrome 1.0.154.39

  • Google Chrome 1.0.154.42

  • Google Chrome 1.0.154.43


References

XF - googlechrome-xmlhttprequest-info-disclosure(48554)

CONFIRM - http://src.chromium.org/viewvc/chrome?view=rev&revision=8529

CONFIRM - http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes

CONFIRM - http://codereview.chromium.org/18533

CONFIRM - http://codereview.chromium.org/11264


Last Updated: 27 May 2016 10:50:14