Описание
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-0411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48554
- http://codereview.chromium.org/11264
- http://codereview.chromium.org/18533
- http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes
- http://src.chromium.org/viewvc/chrome?view=rev&revision=8529
EPSS
CVE ID
Связанные уязвимости
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
Google Chrome before 1.0.154.46 does not properly restrict access from ...
EPSS