CVE-2004-0746

Published: Oct 20, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Affected (27)

Products: Kde: Konqueror, Kde · Gentoo: Linux · Mandrakesoft: Mandrake Linux · +1 more

Show all products

Kde: Konqueror, Kde · Gentoo: Linux · Mandrakesoft: Mandrake Linux · Suse: Suse Linux

2 products

1 product

1 product

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Kde Konqueror	Version 3.0.1
Kde Konqueror	Version 3.0.2
Kde Konqueror	Version 3.0.3
Kde Konqueror	Version 3.0.5
Kde Konqueror	Version 3.0.5b
Kde Konqueror	Version 3.0
Kde Konqueror	Version 3.1.1
Kde Konqueror	Version 3.1.2
Kde Konqueror	Version 3.1.3
Kde Konqueror	Version 3.1.5
Kde Konqueror	Version 3.1
Kde Konqueror	Version 3.2.1
Kde Konqueror	Version 3.2.3

Configuration B

14 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	Version 1.4
Kde Kde	Version 3.1.3
Kde Kde	Version 3.2
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux	Version 9.2
Suse Suse Linux	Version 8.1
Suse Suse Linux	Version 8.2
Suse Suse Linux	Version 8
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.0
Suse Suse Linux	Version 9.1