CVE-2005-4684

Publication date 31 December 2005

Last updated 24 July 2024

Ubuntu priority

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kdebase	7.04 feisty	Ignored
	6.10 edgy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

Notes

kees

Not fixed upstream, negligible.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2005-4684