CVE-2008-7295

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer (affected versions not specified)

Description The issue is related to Microsoft Internet Explorer's inability to properly restrict modifications to cookies established in HTTPS sessions. This allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. The problem is connected to the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which is described as a "cookie forcing" issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.