Lucene search
F5F5:K01006862HistoryApr 12, 2017 - 12:00 a.m.
K01006862 : cURL and libcurl vulnerability CVE-2016-8615
2017-04-1200:00:00
my.f5.com
9
Security Advisory Description
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. (CVE-2016-8615)
Impact
When a cURL connection stores a cookie state and is written into a cookie jar file that is later used for the subsequent cURL requests, a malicious web server can inject new cookies into the affected cookie jar for arbitrary domains. This exploit requires access to a malicious web server that serves cookies.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.5.5 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 |
Related
redhatcve
redhatcve
CVE-2016-8615
2016-11-02 08:17:22
ubuntucve
ubuntucve
CVE-2016-8615
2016-11-02 00:00:00
osv
osv
CVE-2016-8615
2018-08-01 06:29:00
curl - security update
2016-11-17 00:00:00
curl - security update
2016-11-03 00:00:00
debiancve
debiancve
CVE-2016-8615
2018-08-01 06:29:00
alpinelinux
alpinelinux
CVE-2016-8615
2018-08-01 06:29:00
nessus
nessus
F5 Networks BIG-IP : cURL and libcurl vulnerability (K01006862)
2017-12-26 00:00:00
OracleVM 3.4 : curl (OVMSA-2020-0035)
2020-09-02 00:00:00
Debian DLA-711-1 : curl security update
2016-11-18 00:00:00
cvelist
cvelist
CVE-2016-8615
2018-08-01 06:00:00
cve
cve
CVE-2016-8615
2018-08-01 06:29:00
veracode
veracode
Cookie Injection
2018-08-17 07:05:06
prion
prion
Design/Logic Flaw
2018-08-01 06:29:00
nvd
nvd
CVE-2016-8615
2018-08-01 06:29:00
ibm
ibm
archlinux
archlinux
[ASA-201611-8] libcurl-compat: multiple issues
2016-11-03 00:00:00
[ASA-201611-9] libcurl-gnutls: multiple issues
2016-11-03 00:00:00
[ASA-201611-5] lib32-libcurl-compat: multiple issues
2016-11-02 00:00:00
debian
debian
[SECURITY] [DLA 711-1] curl security update
2016-11-17 21:45:07
[SECURITY] [DSA 3705-1] curl security update
2016-11-03 23:07:00
openvas
openvas
Debian: Security Advisory (DLA-711-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2017-1036)
2020-01-23 00:00:00
Fedora Update for curl FEDORA-2016-e8e8cdb4ed
2016-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: curl-7.47.1-9.fc24
2016-11-06 00:28:22
[SECURITY] Fedora 25 Update: curl-7.51.0-1.fc25
2016-11-19 21:51:02
oraclelinux
oraclelinux
curl security update
2020-10-06 00:00:00
curl security and bug fix update
2019-07-30 00:00:00
curl security and bug fix update
2019-08-13 00:00:00
amazon
amazon
Medium: curl
2016-11-10 18:00:00
suse
suse
Security update for curl (important)
2016-11-02 16:07:53
Security update for curl (important)
2016-11-10 17:06:47
Security update for curl (important)
2016-11-03 15:08:42
freebsd
freebsd
cURL -- multiple vulnerabilities
2016-11-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.51.0-alt1
2016-11-02 00:00:00
slackware
slackware
[slackware-security] curl
2016-11-04 03:34:42
cloudfoundry
cloudfoundry
USN-3123-1: curl vulnerabilities | Cloud Foundry
2016-12-13 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2016-11-03 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2018-01-03 19:40:26
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
redhat
redhat
apple
apple
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00