CVE-2009-0411
03.02.2009, 19:30
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.Enginsight
Vendor | Product | Version |
---|---|---|
chrome | 𝑥 ≤ 1.0.154.43 | |
chrome | 0.2.152.1 | |
chrome | 0.2.153.1 | |
chrome | 0.3.154.0 | |
chrome | 0.3.154.3 | |
chrome | 0.4.154.18 | |
chrome | 0.4.154.22 | |
chrome | 0.4.154.31 | |
chrome | 0.4.154.33 | |
chrome | 1.0.154.36 | |
chrome | 1.0.154.39 | |
chrome | 1.0.154.42 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References