Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via %2e%2e (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Internet_explorer | Microsoft | 5.5 | 5.5 |
Internet_explorer | Microsoft | 5.5 | 5.5 |
Internet_explorer | Microsoft | 6.0 | 6.0 |
Ie | Microsoft | 6.0 | 6.0 |
Internet_explorer | Microsoft | 5.0.1 | 5.0.1 |
Internet_explorer | Microsoft | 5.0.1 | 5.0.1 |
Internet_explorer | Microsoft | 5.0.1 | 5.0.1 |
Internet_explorer | Microsoft | 5.0.1 | 5.0.1 |
Internet_explorer | Microsoft | 5.0.1 | 5.0.1 |
Internet_explorer | Microsoft | 5.5 | 5.5 |