Details of VAR-200404-0002

ID

VAR-200404-0002

CVE

CVE-2003-0514

TITLE

cookie Path parameter limit bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-052

DESCRIPTION

Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content, this may make it possible for an attacker to craft a URI that will contain encoded directory traversal sequences sufficient to provide access to a supposedly path exclusive cookie from an alternate path. There are vulnerabilities in Apple Safari

Trust: 1.26

sources: NVD: CVE-2003-0514 // BID: 9841 // VULHUB: VHN-7342

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.9
vendor:	sgi	model:	propack	scope:	eq	version:	2.4	Trust: 0.3
vendor:	sgi	model:	propack	scope:	eq	version:	2.3	Trust: 0.3
vendor:	redhat	model:	kdelibs-devel-3.1-10.i386.rpm	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	kdelibs-3.1-10.i386.rpm	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor	scope:	eq	version:	2.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.21	Trust: 0.3
vendor:	opera	model:	software opera web browser beta build	scope:	eq	version:	7.2012981	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.20	Trust: 0.3
vendor:	opera	model:	software opera web browser j	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser b	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.10	Trust: 0.3
vendor:	opera	model:	software opera web browser win32 beta	scope:	eq	version:	7.02	Trust: 0.3
vendor:	opera	model:	software opera web browser win32 beta	scope:	eq	version:	7.01	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser 3win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser 2win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser 1win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.10	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.06	Trust: 0.3
vendor:	opera	model:	software opera web browser .6win32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.12	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	5.12	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.11	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.10	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.02	Trust: 0.3
vendor:	opera	model:	software opera web browser mac	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.4.1	Trust: 0.3
vendor:	mozilla	model:	browser b	scope:	eq	version:	1.4	Trust: 0.3
vendor:	mozilla	model:	browser a	scope:	eq	version:	1.4	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.4	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.3	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	mozilla	model:	browser beta	scope:	eq	version:	1.2	Trust: 0.3
vendor:	mozilla	model:	browser alpha	scope:	eq	version:	1.2	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.2	Trust: 0.3
vendor:	mozilla	model:	browser beta	scope:	eq	version:	1.1	Trust: 0.3
vendor:	mozilla	model:	browser alpha	scope:	eq	version:	1.1	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.1	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	browser rc2	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	browser rc1	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.48	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.35	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.9	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.8	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.5	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.4.1	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.4	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.2.1	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	eq	version:	0.8	Trust: 0.3
vendor:	mozilla	model:	browser m16	scope:	-	version:	-	Trust: 0.3
vendor:	mozilla	model:	browser m15	scope:	-	version:	-	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp4	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp3	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp2	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp2	scope:	eq	version:	5.5	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	5.5	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.5	Trust: 0.3
vendor:	kde	model:	konqueror embedded	scope:	eq	version:	0.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	kde	model:	a	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1	Trust: 0.3
vendor:	kde	model:	b	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	a	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	kde	model:	a	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	kde	model:	beta	scope:	eq	version:	2.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.1	Trust: 0.3
vendor:	mozilla	model:	browser	scope:	ne	version:	1.5	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	ne	version:	3.1.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	ne	version:	3.1.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	ne	version:	3.1.4	Trust: 0.3
vendor:	kde	model:	kde	scope:	ne	version:	3.1.3	Trust: 0.3

sources: BID: 9841 // CNNVD: CNNVD-200404-052 // NVD: CVE-2003-0514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0514
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200404-052
value:	HIGH
Trust: 0.6
VULHUB:	VHN-7342
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0514
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7342
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7342 // CNNVD: CNNVD-200404-052 // NVD: CVE-2003-0514

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-052

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200404-052

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7342

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0514	Trust: 2.0
db:	CNNVD	id:	CNNVD-200404-052	Trust: 0.7
db:	VULNWATCH	id:	20040310 CORSAIRE SECURITY ADVISORY: MULTIPLE VENDOR HTTP USER AGENT COOKIE PATH TRAVERSAL ISSUE	Trust: 0.6
db:	FULLDISC	id:	20040310 CORSAIRE SECURITY ADVISORY: MULTIPLE VENDOR HTTP USER AGENT COOKIE PATH TRAVERSAL ISSUE	Trust: 0.6
db:	BID	id:	9841	Trust: 0.3
db:	SEEBUG	id:	SSVID-77549	Trust: 0.1
db:	EXPLOIT-DB	id:	23800	Trust: 0.1
db:	VULHUB	id:	VHN-7342	Trust: 0.1

sources: VULHUB: VHN-7342 // BID: 9841 // CNNVD: CNNVD-200404-052 // NVD: CVE-2003-0514

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-march/018475.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2004-074.html	Trust: 0.3

sources: VULHUB: VHN-7342 // BID: 9841 // CNNVD: CNNVD-200404-052 // NVD: CVE-2003-0514

CREDITS

Discovery is credited to Corsaire.

Trust: 0.9

sources: BID: 9841 // CNNVD: CNNVD-200404-052

SOURCES

db:	VULHUB	id:	VHN-7342
db:	BID	id:	9841
db:	CNNVD	id:	CNNVD-200404-052
db:	NVD	id:	CVE-2003-0514

LAST UPDATE DATE

2024-08-14T12:12:22.258000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7342	date:	2008-09-05T00:00:00
db:	BID	id:	9841	date:	2009-07-12T03:06:00
db:	CNNVD	id:	CNNVD-200404-052	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0514	date:	2008-09-05T20:34:31.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7342	date:	2004-04-15T00:00:00
db:	BID	id:	9841	date:	2004-03-10T00:00:00
db:	CNNVD	id:	CNNVD-200404-052	date:	2004-04-15T00:00:00
db:	NVD	id:	CVE-2003-0514	date:	2004-04-15T04:00:00