Bug 484197 (CVE-2008-6059)

Summary: CVE-2008-6059 WebKit: Sensitive information disclosure from cookies via XMLHttpRequest calls
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: martin.sourada, mtasaka, peter
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-23 22:56:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2009-02-05 11:18:57 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-6059 to
the following vulnerability:

xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not
properly restrict access from web pages to the (1) Set-Cookie and (2)
Set-Cookie2 HTTP response headers, which allows remote attackers to
obtain sensitive information from cookies via XMLHttpRequest calls,
related to the HTTPOnly protection mechanism.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6059
http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp
https://bugs.webkit.org/show_bug.cgi?id=10957
Comment 1 Jan Lieskovsky 2009-02-05 11:20:30 UTC 
This issue affects the versions of the WebKit package, as shipped
with Fedora releases of 9 and 10.

Please fix.

This issue does NOT affect the version of the WebKit package, as shipped
with Fedora release of devel.
Comment 2 Vincent Danen 2010-12-23 22:56:51 UTC 
This is fixed in the latest webkit packages we provide in Fedora and RHEL6.