CVE-2024-1551 · CVEKit

cve.orgen

375 chars

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

NVDen

375 chars

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

NVDes

420 chars

Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera controlar el encabezado de respuesta Content-Type, así como controlar parte del cuerpo de la respuesta, podría inyectar encabezados de respuesta Set-Cookie que el navegador habría respetado. Esta vulnerabilidad afecta a Firefox < 123, Firefox ESR < 115.8 y Thunderbird < 115.8.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	6.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N