CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html
http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html
http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html
http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
https://bugzilla.mozilla.org/show_bug.cgi?id=660053	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome:3.0.190.2:::::::*
	cpe:2.3:a:google:chrome:3.0.195.27:::::::*
	cpe:2.3:a:google:chrome:2.0.172.8:::::::*
	cpe:2.3:a:google:chrome:2.0.172.2:::::::*
	cpe:2.3:a:google:chrome:2.0.172.33:::::::*
	cpe:2.3:a:google:chrome:2.0.169.1:::::::*
	cpe:2.3:a:google:chrome:1.0.154.36:::::::*
	cpe:2.3:a:google:chrome:1.0.154.48:::::::*
	cpe:2.3:a:google:chrome:1.0.154.52:::::::*
	cpe:2.3:a:google:chrome:0.1.42.3:::::::*
	cpe:2.3:a:google:chrome:0.3.154.3:::::::*
	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:2.0.172.38:::::::*
	cpe:2.3:a:google:chrome:1.0.154.59:::::::*
	cpe:2.3:a:google:chrome:3.0.195.2:::::::*
	cpe:2.3:a:google:chrome:3.0.195.33:::::::*
	cpe:2.3:a:google:chrome:2.0.172.27:::::::*
	cpe:2.3:a:google:chrome:0.1.38.4:::::::*
	cpe:2.3:a:google:chrome:0.2.149.29:::::::*
	cpe:2.3:a:google:chrome:3.0.195.25:::::::*
	cpe:2.3:a:google:chrome:0.2.153.1:::::::*
	cpe:2.3:a:google:chrome:3.0.195.21:::::::*
	cpe:2.3:a:google:chrome:2.0.169.0:::::::*
	cpe:2.3:a:google:chrome:0.1.38.1:::::::*
	cpe:2.3:a:google:chrome:0.1.40.1:::::::*
	cpe:2.3:a:google:chrome:3.0.193.2:beta::::::
	cpe:2.3:a:google:chrome:2.0.156.1:::::::*
	cpe:2.3:a:google:chrome:3.0.195.32:::::::*
	cpe:2.3:a:google:chrome:2.0.159.0:::::::*
	cpe:2.3:a:google:chrome:2.0.158.0:::::::*
	cpe:2.3:a:google:chrome:2.0.172.28:::::::*
	cpe:2.3:a:google:chrome:0.1.38.2:::::::*
	cpe:2.3:a:google:chrome:2.0.172.37:::::::*
	cpe:2.3:a:google:chrome:3.0.182.2:::::::*
	cpe:2.3:a:google:chrome:0.2.149.30:::::::*
	cpe:2.3:a:google:chrome:0.4.154.31:::::::*
	cpe:2.3:a:google:chrome:1.0.154.39:::::::*
	cpe:2.3:a:google:chrome:0.2.149.27:::::::*
	cpe:2.3:a:google:chrome:1.0.154.53:::::::*
	cpe:2.3:a:google:chrome:0.4.154.33:::::::*
	cpe:2.3:a:google:chrome:2.0.170.0:::::::*
	cpe:2.3:a:google:chrome:1.0.154.43:::::::*
	cpe:2.3:a:google:chrome:1.0.154.42:::::::*
	cpe:2.3:a:google:chrome:3.0.195.24:::::::*
	cpe:2.3:a:google:chrome:1.0.154.65:::::::*
	cpe:2.3:a:google:chrome:2.0.157.2:::::::*
	cpe:2.3:a:google:chrome:0.4.154.18:::::::*
	cpe:2.3:a:google:chrome:2.0.157.0:::::::*
	cpe:2.3:a:google:chrome:0.2.152.1:::::::*
	cpe:2.3:a:google:chrome:0.3.154.0:::::::*
	cpe:2.3:a:google:chrome:3.0.195.36:::::::*
	cpe:2.3:a:google:chrome:1.0.154.64:::::::*
	cpe:2.3:a:google:chrome:2.0.172:::::::*
	cpe:2.3:a:google:chrome:2.0.172.30:::::::*
	cpe:2.3:a:google:chrome:0.1.42.2:::::::*
	cpe:2.3:a:google:chrome:1.0.154.46:::::::*
	cpe:2.3:a:google:chrome:0.4.154.22:::::::*
	cpe:2.3:a:google:chrome:2.0.172.31:::::::*
	cpe:2.3:a:google:chrome:3.0.195.37:::::::*

Information

Published : 2011-08-09 12:55

Updated : 2012-08-01 21:00

NVD link : CVE-2008-7294

Mitre link : CVE-2008-7294

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

google

chrome

5.8 /10