Lucene search

RedhatCVE-2014-3620

HistoryNov 18, 2014 - 3:59 p.m.

CVE-2014-3620

2014-11-1815:59:01

CWE-310

redhat

web.nvd.nist.gov

curl

libcurl

cve-2014-3620

same origin policy

remote attack

cookie setting

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.006

Percentile

77.8%

JSON

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Affected configurations

Nvd

Node

haxxcurlRange≤7.37.1

haxxcurlMatch7.31.0

haxxcurlMatch7.32.0

haxxcurlMatch7.33.0

haxxcurlMatch7.34.0

haxxcurlMatch7.35.0

haxxcurlMatch7.36.0

haxxcurlMatch7.37.0

Node

haxxlibcurlRange≤7.37.1

haxxlibcurlMatch7.31.0

haxxlibcurlMatch7.32.0

haxxlibcurlMatch7.33.0

haxxlibcurlMatch7.34.0

haxxlibcurlMatch7.35.0

haxxlibcurlMatch7.36.0

haxxlibcurlMatch7.37.0

Node

applemac_os_xRange≤10.10.4

VendorProductVersionCPE
haxxcurl*cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
haxxcurl7.31.0cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
haxxcurl7.32.0cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
haxxcurl7.33.0cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
haxxcurl7.34.0cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
haxxcurl7.35.0cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
haxxcurl7.36.0cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
haxxcurl7.37.0cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
haxxlibcurl*cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
haxxlibcurl7.31.0cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
haxx	curl	*	cpe:2.3:a:haxx:curl::::::::
haxx	curl	7.31.0	cpe:2.3:a:haxx:curl:7.31.0:::::::*
haxx	curl	7.32.0	cpe:2.3:a:haxx:curl:7.32.0:::::::*
haxx	curl	7.33.0	cpe:2.3:a:haxx:curl:7.33.0:::::::*
haxx	curl	7.34.0	cpe:2.3:a:haxx:curl:7.34.0:::::::*
haxx	curl	7.35.0	cpe:2.3:a:haxx:curl:7.35.0:::::::*
haxx	curl	7.36.0	cpe:2.3:a:haxx:curl:7.36.0:::::::*
haxx	curl	7.37.0	cpe:2.3:a:haxx:curl:7.37.0:::::::*
haxx	libcurl	*	cpe:2.3:a:haxx:libcurl::::::::
haxx	libcurl	7.31.0	cpe:2.3:a:haxx:libcurl:7.31.0:::::::*