VYPR
Unrated severity · NVD Advisory · Published Apr 15, 2004 · Updated Apr 16, 2026

CVE-2003-0514

Description

Apple Safari 1.x allows remote attackers to bypass cookie access restrictions using directory traversal sequences in URLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Apple Safari 1.x is vulnerable to a bypass of the cookie path restriction. The browser fails to properly sanitize encoded URI content and accepts encoded directory traversal sequences such as %2e%2e (dot dot) in URLs. This can trick Safari into sending cookies scoped to a specific URL subset to a different, unintended path [1].
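
The check the paragraph above describes as missing, shown as an added example (not Safari's code and not taken from the cited references): a cookie path match done on the raw URL path, next to the same match done after percent-encoded dots are decoded and dot segments resolved. The RFC 6265-style matching rule, the function names, and the sample paths and cookie names are assumptions.

```javascript
// Models the flaw class only; this is not Safari's implementation.
// RFC 6265-style path-match: the cookie path must equal the request path
// or be a prefix of it that ends at a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decode %2e / %2E to "." and resolve "." and ".." segments, so the client
// compares the same path the server will end up resolving.
function normalizePath(rawPath) {
  const out = [];
  const segs = rawPath.split("/").map((s) => s.replace(/%2e/gi, "."));
  segs.forEach((s, i) => {
    const last = i === segs.length - 1;
    if (s === "..") {
      if (out.length > 1) out.pop(); // never climb above the root
      if (last) out.push("");        // "/a/b/.." resolves to "/a/"
    } else if (s === ".") {
      if (last) out.push("");
    } else {
      out.push(s);
    }
  });
  return out.join("/") || "/";
}

// Names of the cookies that would be attached to a request for rawPath.
function cookiesToSend(rawPath, jar, normalize) {
  const p = normalize ? normalizePath(rawPath) : rawPath;
  return jar.filter((c) => pathMatch(p, c.path)).map((c) => c.name);
}

// Constructed sample data (hypothetical paths and cookie names).
const jar = [
  { name: "session", path: "/app/secure" },
  { name: "theme", path: "/" },
];
const crafted = "/app/secure/%2e%2e/public/page";

console.log("raw match:       ", cookiesToSend(crafted, jar, false));
console.log("normalized match:", cookiesToSend(crafted, jar, true));
console.log("in-scope request:", cookiesToSend("/app/secure/account", jar, true));
```

On the raw string the crafted path still begins with `/app/secure/`, so the path-scoped cookie is selected even though the path resolves outside that subtree; after normalization only the site-wide cookie matches.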

Exploitation

An attacker can craft a malicious URL containing encoded directory traversal sequences. When a user visits this URL in a vulnerable version of Apple Safari, the browser may send cookies associated with the target application to a different path on the same server. This bypasses the intended cookie access restrictions set by the web application [1].

Impact

Successful exploitation allows an attacker to access cookies that should be restricted to a specific URL subset. This could lead to unauthorized access to sensitive information or session hijacking if the cookies contain authentication tokens or other private data, depending on the application's logic and the data stored in the cookies [1].

Mitigation

No specific patched version or release date is available in the provided references. Users are advised to avoid visiting untrusted URLs. Further information on mitigation is not yet disclosed in the available references [1].

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Apple Inc./Safari (3 versions)
    • cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

References

2
