CVE-2008-6059

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
Configurations

Configuration 1

cpe:2.3:a:webkit:webkit:*:*:*:*:*:*:*:*

Information

Published : 2009-02-05 12:30

Updated : 2017-08-08 01:33


NVD link : CVE-2008-6059

Mitre link : CVE-2008-6059

Products Affected
No products.
CWE