Red Hat Bugzilla – Bug 63623
konqueror ignores path information in cookies
Last modified: 2007-04-18 12:42:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408
Description of problem:
Unlike Mozilla (e.g.), Konqueror would send cookies regardless of the PATH
stored inside cookies. For instance, if a cookie were to be sent for all URLs
below /directory/, Konqueror would also submit the cookie for URLs above that path.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
An example of a page that suffers from this:
Log-in page is:
Log-in cookie is set with path /bugzilla/, but with Konqueror, pages above
/bugzilla also see the cookie, e.g.:
This is not the case with Mozilla or Netscape Navigator.
Actual Results: Konqueror has managed to access /upload.php.
Expected Results: Konqueror should have failed to access /upload.php (like
Mozilla or Netscape Navigator).
Apart from a malfunction, this is a security problem.
Fixed in the current version
Confirmed with kdebase-3.0.2-7.
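
The path check described in the report, as an added example that is not part of the original bug report or of Konqueror's code: it applies the path-match rule from RFC 6265 section 5.1.4 (a later specification than this report) to a constructed cookie jar, with an `ignorePath` switch that reproduces the reported behaviour. The host `example.test`, the cookie names, and the use of exact-host comparison in place of full domain matching are assumptions.

```javascript
// Added example. Cookie jar, host and URLs below are constructed.

// RFC 6265 section 5.1.4 path-match: the cookie path must equal the request
// path or be a prefix of it that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // Prefix ending in "/" always sits on a boundary.
  if (cookiePath.endsWith("/")) return true;
  // Otherwise the next request character must be "/", so that
  // "/bugzilla" does not match "/bugzilla-old/".
  return requestPath.charAt(cookiePath.length) === "/";
}

// Return the names of cookies a client would attach to a request for `url`.
// ignorePath = true models the behaviour reported in this bug: the Path
// attribute is stored but never consulted when sending.
function cookiesFor(jar, url, { ignorePath = false } = {}) {
  const u = new URL(url); // pathname excludes query string and fragment
  return jar
    .filter((c) => c.host === u.hostname) // simplification: exact host only
    .filter((c) => ignorePath || pathMatches(u.pathname, c.path))
    .map((c) => c.name);
}

// Constructed jar: a login cookie scoped to /bugzilla/ and a site-wide one.
const jar = [
  { name: "login", host: "example.test", path: "/bugzilla/" },
  { name: "theme", host: "example.test", path: "/" },
];

const inside = "http://example.test/bugzilla/show_bug.cgi?id=1";
const outside = "http://example.test/upload.php";

console.log("correct, inside :", cookiesFor(jar, inside));
console.log("correct, outside:", cookiesFor(jar, outside));
console.log("buggy,   outside:", cookiesFor(jar, outside, { ignorePath: true }));
```

A server-side regression check for this class of bug is to log which cookies arrive on requests outside the path they were set for; any hit means the client is not enforcing the Path attribute.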