CVE-2004-0866

high

Description

Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

References

http://www.securityfocus.com/bid/11186

http://securitytracker.com/id?1011332

http://marc.info/?l=bugtraq&m=109536612321898&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/17415

Details

Source: MITRE

Published: 2004-09-16

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

ID: 15427

Name: RHEL 2.1 / 3 : kdelibs, kdebase (RHSA-2004:412)

Product: Nessus

Family: Red Hat Local Security Checks

Severity: high