Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-0419
Last Modified: 13 Mar 2009 01:46:54
Published: 04 Feb 2009 02:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0419

Summary

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.

Vulnerable Systems

Application

  • Microsoft XML Core Services


References

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=380418

XF - msxml-httponly-cookie-information-disclosure(48815)


Last Updated: 27 May 2016 10:50:14