CVE Catalog

CVE-2000-0439

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
6.26%

93th percentile — higher than 93% of all known CVEs

Summary

Internet Explorer 4.0 and 5.0 allow a malicious website to obtain client cookies from another domain by including that domain name and escaped characters in a URL, known as the 'Unauthorized Cookie Access' vulnerability.

Risk Assessment

Organizations may be exposed to user data theft, leading to privacy and security breaches. Malicious sites can exploit this vulnerability to hijack user sessions.

Recommendation

It is recommended to update Internet Explorer to the latest version or consider using an alternative browser to minimize risk. Additionally, implementing cookie security policies is advisable.

Original NVD description (English source)

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS