Apple Safari 1.x - Cookie Directory Traversal

Author: Corsaire Limited
type: remote
platform: osx
port: 
date_added: 2004-03-10 
date_updated: 2013-01-01 
verified: 1 
codes: CVE-2003-0514;OSVDB-4187 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9841/info

Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content, this may make it possible for an attacker to craft a URI that will contain encoded directory traversal sequences sufficient to provide access to a supposedly path exclusive cookie from an alternate path.

http://www.example.com/secure/%2e%2e/sample/insecure.cgi?xss=<golarge>