
Full Disclosure mailing list archives
Re: The Misfortune Cookie Vulnerability
From: Gynvael Coldwind <gynvael () coldwind pl>
Date: Fri, 19 Dec 2014 09:13:48 +0000
We call it "Misfortune Cookie" over the affected vulnerable HTTP cookie parsing module, but MITRE insists on CVE-2014-9222
To be honest I'm getting rather annoyed by how Check Point is (mis)handling this vulnerability. I mean, there is already a "cool marketing name", there is a website dedicated to it, there is already this huge FAQ not answering the basic questions, etc. But there is no information on it except for "vulnerability in the Cookie parsing module of these SOHO". Seriously, if you can't disclose the vulnerability yet, please don't spam with its marketing materials. Last I checked "full disclosure" was actually about disclosing technical information and not passing links to marketing sites. Otherwise, please provide basic information as a technical description of the vulnerability (which allows reproduction) or a PoC to test whether a given device is vulnerable. Please note that you've already given enough information for the attackers to just find the vulnerability (as in "please reverse engineer the cookie parsing in this model"), so you're not doing anyone a favor by trying to play it out like this. Regards, -- Gynvael _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- The Misfortune Cookie Vulnerability Shahar Tal (Dec 18)
- Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)
- Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
- Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
- Re: The Misfortune Cookie Vulnerability Shahar Tal (Dec 22)
- Re: The Misfortune Cookie Vulnerability Jon Hart (Dec 23)
- Re: The Misfortune Cookie Vulnerability Sandro Gauci (Dec 22)
- Re: The Misfortune Cookie Vulnerability Gynvael Coldwind (Dec 22)
- Re: The Misfortune Cookie Vulnerability Michal Zalewski (Dec 18)