[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2013-210 ---- curl, libcurl

ID: oval:org.secpod.oval:def:1600309Date: (C)2016-05-19   (M)2023-12-07
Class: PATCHFamily: unix




The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Platform:
Amazon Linux AMI
Product:
curl
libcurl
Reference:
ALAS-2013-210
CVE-2013-1944
CVE    1
CVE-2013-1944
CPE    104
cpe:/a:haxx:curl:7.21.0
cpe:/a:haxx:curl:7.21.3
cpe:/a:haxx:curl:7.21.4
cpe:/a:haxx:curl:7.25.0
...

© SecPod Technologies