oss-sec mailing list archives
Re: browser document.cookie DoS vulnerability
From: cve-assign () mitre org
Date: Thu, 17 Oct 2013 09:53:49 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://www.openwall.com/lists/oss-security/2013/04/03/10
Chromium 25.0.1364.160 (debian testing), Iceweasel/Firefox 19 and probably many other browsers allow javascript to set broken cookie values, leading to possible permanent "400 Bad Request" responses.
http://www.openwall.com/lists/oss-security/2013/10/16/16
- at least two independently implemented web browsers are capable of sending malformed Cookie headers that trigger the lighttpd request.c "invalid char in header" code, leading to the 400 HTTP status code
When the web browser sends the malformed Cookie header, it is (in effect) enabling a Logout CSRF vulnerability on a web site that does not have any server-side Logout CSRF problem.
There didn't seem to be further discussion of this, and the public vendor references don't yet have CVE IDs, so we are assigning these: CVE-2013-6166 https://code.google.com/p/chromium/issues/detail?id=238041 CVE-2013-6167 https://bugzilla.mozilla.org/show_bug.cgi?id=858215 - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSX+s0AAoJEKllVAevmvmslvkH/1b5TzN4yzFoyjXIt/DZ0oPk NunvsxFQwc7PUusqU9p1tqoyavH0nEBF9i+2l41s33UwiD695AMScQThwAf2inJZ gAX0omLkqSDXx1JMaByK8ayzoVgqh7crpRAXyNo70TJN29Xnn7WqTN47eHFjCFPQ YWV3mGciGHPX/LL/ZBovtmAGtE1fNo9teDfTEMBORTkNiVW5vkvZahEeYDAsStEE ZJXvjLRbTE06GHw4OZX+8h7rmutrYW5NJ5o+J7HCtKsT21M7qOEgUw+tJa8PPqAS Rdvc9ixFgjuP/gz8l8TMi2JOCuT85GqRiQxlJb9eY9Axb9yBUpbfruwT0XS3hFo= =D2jQ -----END PGP SIGNATURE-----
Current thread:
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 10)
- Re: Re: browser document.cookie DoS vulnerability aaron guzman (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Joel Weinberger (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Murray McAllister (Oct 14)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 15)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 15)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 16)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 17)
- Re: browser document.cookie DoS vulnerability Mozilla Security (Oct 17)