Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-4684

Description

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

Affected products

KDE/Konqueror23 versions
cpe:2.3:a:kde:konqueror:0.1:*:embedded:*:*:*:*:*+ 22 more
- cpe:2.3:a:kde:konqueror:0.1:*:embedded:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.3.2:*:*:*:*:*:*:*
Konqueror/Konquerorllm-fuzzy

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

CVE-2005-4684

Description

Affected products

Patches

Vulnerability mechanics

References

News mentions