2 matches found
CVE-2008-7295
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...
CVE-2008-7295
CVE-2008-7295 : Affects Microsoft Internet Explorer by failing to properly restrict modifications to cookies set over HTTPS, allowing a man-in-the-middle attacker to overwrite or delete cookies via a Set-Cookie header in an HTTP response. Root cause cited as lack of HTTP Strict Transport Security...