CVE-2004-0746

Name of the Vulnerable Software and Affected Versions Konqueror in KDE versions 3.2.3 and earlier

Description The issue allows web sites to set cookies for country-specific top-level domains. This could enable remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Recommendations For Konqueror in KDE versions 3.2.3 and earlier, consider disabling the cookie setting feature for country-specific top-level domains until a patch is available. Restrict access to sensitive web sites to minimize the risk of session fixation attacks.