PRIOn knowledge basePRION:CVE-2013-1944Design/Logic Flaw
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 8.4 lts | |
| ubuntu_linux | eq | 11.10 | |
| ubuntu_linux | eq | 12.10 | |
| ubuntu_linux | eq | 12.4 lts | |
| ubuntu_linux | eq | 10.4 lts | |
| curl | eq | 7.7 | |
| curl | eq | 7.21.3 | |
| curl | eq | 7.10 | |
| curl | eq | 7.15.1 | |
| curl | eq | 7.24.0 |
References
curl.haxx.se/docs/adv_20130412.html
lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
lists.opensuse.org/opensuse-updates/2013-06/msg00013.html
lists.opensuse.org/opensuse-updates/2013-06/msg00016.html
rhn.redhat.com/errata/RHSA-2013-0771.html
secunia.com/advisories/53044
secunia.com/advisories/53051
secunia.com/advisories/53097
www.debian.org/security/2012/dsa-2660
www.mandriva.com/security/advisories?name=MDVSA-2013:151
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.osvdb.org/92316
www.securityfocus.com/bid/59058
www.ubuntu.com/usn/USN-1801-1
bugzilla.redhat.com/show_bug.cgi?id=950577
github.com/bagder/curl/commit/2eb8dcf26cb37f09cffe26909a646e702dbcab66
lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121
Related
