Bug 63623 - konqueror ignores path information in cookies
Product: Red Hat Public Beta
Classification: Retired
Component: kdebase
i386 Linux
medium Severity medium
Assigned To: wdovlrrw
Ben Levenson
: Security
Blocks: 61901 67218
Reported: 2002-04-16 10:37 EDT by Michael Schwendt
Modified: 2007-04-18 12:42 EDT
Last Closed: 2002-08-05 06:42:36 EDT
Description Michael Schwendt 2002-04-16 10:37:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408

Description of problem:
Unlike Mozilla (e.g.), Konqueror would send cookies regardless of the PATH
stored inside cookies. For instance, if a cookie were to be sent for all URLs
below /directory/, Konqueror would also submit the cookie for URLs above that path.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
An example of a page that suffers from this:


Log-in page is:


Log-in cookie is set with path /bugzilla/, but with Konqueror pages above
/bugzilla also see the cookie, e.g:


This is not the case with Mozilla or Netscape Navigator.

Actual Results:  Konqueror has managed to access /upload.php.

Expected Results:  Konqueror should have failed to access /upload.php (like
Mozilla or Netscape Navigator).

Additional info:

Apart from a malfunction, this is a security problem.
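
The path check this report says was missing, as an added example that is not part of the original bug report or Konqueror's code: it applies the path-match rule from RFC 6265, section 5.1.4, next to a selector that ignores Path. The host, cookie value and function names are constructed, and domain matching is simplified to an exact host comparison.

```javascript
// Added illustration; pathMatches, cookiesFor and jar are hypothetical names.
// Path-match rule as specified in RFC 6265, section 5.1.4.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so a cookie path of
  // "/bugzilla" must not match a request for "/bugzilla-old/".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Select the cookies to send for a request URL.
// honourPath=false reproduces the behaviour described in the report.
// Assumption: domain matching is reduced to an exact host comparison.
function cookiesFor(jar, url, honourPath = true) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter((c) => c.domain === hostname)
    .filter((c) => !honourPath || pathMatches(pathname, c.path))
    .map((c) => `${c.name}=${c.value}`);
}

// Constructed sample data: host, cookie name and value are placeholders.
const jar = [
  { name: "login", value: "abc123", domain: "example.test", path: "/bugzilla/" },
];

// Constructed request URLs; /upload.php is the path named in the report.
const urls = [
  "http://example.test/bugzilla/show_bug.cgi",
  "http://example.test/upload.php",
  "http://example.test/bugzilla-old/index.html",
];

for (const url of urls) {
  console.log(url);
  console.log("  path ignored :", cookiesFor(jar, url, false));
  console.log("  path honoured:", cookiesFor(jar, url, true));
}
```

A server that relies on Path to keep a login cookie away from other applications on the same host gets that separation only from clients that run this check.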
Comment 1 Bernhard Rosenkraenzer 2002-08-05 06:42:32 EDT
Fixed in the current version
Comment 2 Michael Schwendt 2002-08-06 04:40:53 EDT
Confirmed with kdebase-3.0.2-7.
