Skip to main content

CVE-2004-0869

Severity Medium
Score 5/10

Summary

Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published