the information I couldn't.
Cheers,
Shahar
From: Michal Zalewski
Sent: Friday, December 19, 2014 6:56:20 AM
To: Shahar Tal
Cc: fulldisclosure@seclists.org
Subject: Re: [FD] The Misfortune Cookie Vulnerability
See http://mis.fortunecook.ie for the rest.
I think
We call it Misfortune Cookie over the affected vulnerable HTTP cookie
parsing module, but MITRE insists on CVE-2014-9222
To be honest I'm getting rather annoyed by how Check Point is (mis)handling
this vulnerability. I mean, there is already a cool marketing name, there
is a website dedicated
The most technical it seems to get is the following:
quote
The Misfortune Cookie vulnerability is exploitable due to an error within
the HTTP cookie management mechanism present in the affected software,
allowing an attacker to determine the ‘fortune’ of a request by
manipulating cookies.
: Sandro Gauci [mailto:san...@enablesecurity.com]
Sent: יום ו 19 דצמבר 2014 09:57
To: Michal Zalewski
Cc: Shahar Tal; fulldisclosure@seclists.org
Subject: Re: [FD] The Misfortune Cookie Vulnerability
The most technical it seems to get is the following:
quote
The Misfortune Cookie vulnerability