Red Hat Bugzilla – Bug 484197
CVE-2008-6059 WebKit: Sensitive information disclosure from cookies via XMLHttpRequest calls
Last modified: 2017-07-21 11:31:31 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-6059 to
the following vulnerability:
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not
properly restrict access from web pages to the (1) Set-Cookie and (2)
Set-Cookie2 HTTP response headers, which allows remote attackers to
obtain sensitive information from cookies via XMLHttpRequest calls,
related to the HTTPOnly protection mechanism.
This issue affects the versions of the WebKit package, as shipped
with Fedora releases of 9 and 10.
This issue does NOT affect the version of the WebKit package, as shipped
with Fedora release of devel.
This is fixed in the latest webkit packages we provide in Fedora and RHEL6.