Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Oct 2013 09:53:49 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org, stbuehler@...httpd.net, jww@...omium.org,
        security@...illa.org
Subject: Re: browser document.cookie DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> http://www.openwall.com/lists/oss-security/2013/04/03/10

>> Chromium 25.0.1364.160 (debian testing), Iceweasel/Firefox 19 and
>> probably many other browsers allow javascript to set broken cookie
>> values, leading to possible permanent "400 Bad Request" responses.

> http://www.openwall.com/lists/oss-security/2013/10/16/16

>   - at least two independently implemented web browsers are capable of
>     sending malformed Cookie headers that trigger the lighttpd
>     request.c "invalid char in header" code, leading to the 400 HTTP
>     status code

> When the web browser sends the malformed Cookie header, it is (in
> effect) enabling a Logout CSRF vulnerability on a web site that does
> not have any server-side Logout CSRF problem.

There didn't seem to be further discussion of this, and the public
vendor references don't yet have CVE IDs, so we are assigning these:

CVE-2013-6166 https://code.google.com/p/chromium/issues/detail?id=238041
CVE-2013-6167 https://bugzilla.mozilla.org/show_bug.cgi?id=858215

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSX+s0AAoJEKllVAevmvmslvkH/1b5TzN4yzFoyjXIt/DZ0oPk
NunvsxFQwc7PUusqU9p1tqoyavH0nEBF9i+2l41s33UwiD695AMScQThwAf2inJZ
gAX0omLkqSDXx1JMaByK8ayzoVgqh7crpRAXyNo70TJN29Xnn7WqTN47eHFjCFPQ
YWV3mGciGHPX/LL/ZBovtmAGtE1fNo9teDfTEMBORTkNiVW5vkvZahEeYDAsStEE
ZJXvjLRbTE06GHw4OZX+8h7rmutrYW5NJ5o+J7HCtKsT21M7qOEgUw+tJa8PPqAS
Rdvc9ixFgjuP/gz8l8TMi2JOCuT85GqRiQxlJb9eY9Axb9yBUpbfruwT0XS3hFo=
=D2jQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ