← CVECheck
HomeVulnerabilities

CVE-2004-0870 — MEDIUM severity vulnerability (KDE Konqueror does not prevent cookies that are sent over an)

KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

CVE IDCVE-2004-0870
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2004-09-16
Last modified2026-04-16
DescriptionKDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →