Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-02-04T19:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2009-02-04T00:00:00
Link: CVE-2009-0419
JSON object: View
NVD Information
Status : Modified
Published: 2009-02-04T19:30:00.563
Modified: 2017-08-08T01:33:56.237
Link: CVE-2009-0419
JSON object: View
Redhat Information
No data.
CWE