Re: browser document.cookie DoS vulnerability

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > http://www.openwall.com/lists/oss-security/2013/04/03/10

> > Chromium 25.0.1364.160 (debian testing), Iceweasel/Firefox 19 and
> > probably many other browsers allow javascript to set broken cookie
> > values, leading to possible permanent "400 Bad Request" responses.

> http://www.openwall.com/lists/oss-security/2013/10/16/16

>   - at least two independently implemented web browsers are capable of
>     sending malformed Cookie headers that trigger the lighttpd
>     request.c "invalid char in header" code, leading to the 400 HTTP
>     status code

> When the web browser sends the malformed Cookie header, it is (in
> effect) enabling a Logout CSRF vulnerability on a web site that does
> not have any server-side Logout CSRF problem.

There didn't seem to be further discussion of this, and the public
vendor references don't yet have CVE IDs, so we are assigning these:

CVE-2013-6166 https://code.google.com/p/chromium/issues/detail?id=238041
CVE-2013-6167 https://bugzilla.mozilla.org/show_bug.cgi?id=858215

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSX+s0AAoJEKllVAevmvmslvkH/1b5TzN4yzFoyjXIt/DZ0oPk
NunvsxFQwc7PUusqU9p1tqoyavH0nEBF9i+2l41s33UwiD695AMScQThwAf2inJZ
gAX0omLkqSDXx1JMaByK8ayzoVgqh7crpRAXyNo70TJN29Xnn7WqTN47eHFjCFPQ
YWV3mGciGHPX/LL/ZBovtmAGtE1fNo9teDfTEMBORTkNiVW5vkvZahEeYDAsStEE
ZJXvjLRbTE06GHw4OZX+8h7rmutrYW5NJ5o+J7HCtKsT21M7qOEgUw+tJa8PPqAS
Rdvc9ixFgjuP/gz8l8TMi2JOCuT85GqRiQxlJb9eY9Axb9yBUpbfruwT0XS3hFo=
=D2jQ
-----END PGP SIGNATURE-----