CVE-2024-5699

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-178
View all →

Vulnerability Description

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.

Related Vulnerabilities

CVE-2001-0766

CRITICAL
CVSS:9.8(Critical)

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

CWE-1782001

CVE-2002-1820

CRITICAL
CVSS:9.8(Critical)

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account n...

CWE-1782002

CVE-2002-2119

CRITICAL
CVSS:9.8(Critical)

Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.

CWE-1782002

CVE-2004-2154

CRITICAL
CVSS:9.8(Critical)

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are ...

CWE-1782004

CVE-2004-2214

CRITICAL
CVSS:9.8(Critical)

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.

CWE-1782004

CVE-2005-0269

CRITICAL
CVSS:9.8(Critical)

The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that incl...

CWE-1782005