Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-02-15T11:00:00
Updated: 2024-08-06T17:29:43.110Z
Reserved: 2013-10-16T00:00:00
Link: CVE-2013-6166
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-02-15T14:57:07.970
Modified: 2014-02-18T18:27:47.390
Link: CVE-2013-6166
Redhat
No data.