[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3613Date: (C)2014-12-01   (M)2024-04-19


cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-69748
APPLE-SA-2015-08-13-2
DSA-3022
RHSA-2015:1254
http://curl.haxx.se/docs/adv_20140910A.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://support.apple.com/kb/HT205031
openSUSE-SU-2014:1139

CPE    16
cpe:/o:apple:mac_os_x
cpe:/a:haxx:libcurl:7.36.0
cpe:/a:haxx:libcurl:7.37.0
cpe:/a:haxx:curl:7.31.0
...
CWE    1
CWE-310
OVAL    23
oval:org.secpod.oval:def:26637
oval:org.secpod.oval:def:204236
oval:org.secpod.oval:def:702207
oval:org.secpod.oval:def:1600033
...

© SecPod Technologies