Google Chrome Cookie Verification Denial of Service Vulnerability
BID:58857
Info
Google Chrome Cookie Verification Denial of Service Vulnerability
| Bugtraq ID: | 58857 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2013-6166 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2013 12:00AM |
| Updated: | Oct 21 2013 01:16AM |
| Credit: | Anonymous |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Google Chrome Cookie Verification Denial of Service Vulnerability
Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input.
Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage, resulting in the requested website always responding with an error message which is hosted on specific web server software (like lighttpd). This will cause a denial-of-service condition.
Chromium 25.0.1364.160 is vulnerable; other versions may also be affected.
Note: The content related to Mozilla Firefox Browser has been moved to BID 62969 (Mozilla Firefox Browser Cookie Verification Denial of Service Vulnerability) for better documentation.
Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input.
Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage, resulting in the requested website always responding with an error message which is hosted on specific web server software (like lighttpd). This will cause a denial-of-service condition.
Chromium 25.0.1364.160 is vulnerable; other versions may also be affected.
Note: The content related to Mozilla Firefox Browser has been moved to BID 62969 (Mozilla Firefox Browser Cookie Verification Denial of Service Vulnerability) for better documentation.
Exploit / POC
Google Chrome Cookie Verification Denial of Service Vulnerability
Attackers can exploit this issue by tricking a victim into viewing a specially crafted webpage.
The following example URI is available:
http://www.example.com/?utm_source=test&utm_medium=test&utm_campaign=te%05st
Attackers can exploit this issue by tricking a victim into viewing a specially crafted webpage.
The following example URI is available:
http://www.example.com/?utm_source=test&utm_medium=test&utm_campaign=te%05st
Solution / Fix
Google Chrome Cookie Verification Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Google Chrome Cookie Verification Denial of Service Vulnerability
References:
References:
- Google Chrome Homepage (Google)