CVE-2008-6059

Published: Feb 5, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.

Affected (1)

Products: Webkit: Webkit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webkit Webkit	All versions

Related CWEs

References (8)

http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp

Source: cve@mitre.org

http://www.securityfocus.com/bid/33804

Source: cve@mitre.org

https://bugs.webkit.org/show_bug.cgi?id=10957

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/48575

Source: cve@mitre.org

http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33804

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.webkit.org/show_bug.cgi?id=10957

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/48575

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.