A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

CPENameOperatorVersion
curllt7.51.0

CPE	Name	Operator	Version
	curl	lt	7.51.0

References

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/94096

www.securitytracker.com/id/1037192

access.redhat.com/errata/RHSA-2018:2486

access.redhat.com/errata/RHSA-2018:3558

bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615

curl.haxx.se/CVE-2016-8615.patch

curl.haxx.se/docs/adv_20161102A.html

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

security.gentoo.org/glsa/201701-47

www.tenable.com/security/tns-2016-21

redhatcve 1

ubuntucve 1

osv 3

debiancve 1

f5 1

alpinelinux 1

nessus 25

cvelist 1

cve 1

veracode 1

nvd 1

ibm 4

archlinux 6

debian 2

openvas 17

fedora 2

oraclelinux 6

amazon 1

suse 6

freebsd 1

altlinux 1

slackware 1

cloudfoundry 1

ubuntu 1

mageia 1

gentoo 1

rosalinux 1

redhat 2

apple 2

oracle 2

redhatcve

CVE-2016-8615

2016-11-02 08:17:22

ubuntucve

CVE-2016-8615

2016-11-02 00:00:00

osv

CVE-2016-8615

2018-08-01 06:29:00

curl - security update

2016-11-17 00:00:00

curl - security update

2016-11-03 00:00:00

debiancve

CVE-2016-8615

2018-08-01 06:29:00

K01006862 : cURL and libcurl vulnerability CVE-2016-8615

2017-04-12 00:00:00

alpinelinux

CVE-2016-8615

2018-08-01 06:29:00

nessus

F5 Networks BIG-IP : cURL and libcurl vulnerability (K01006862)

2017-12-26 00:00:00

OracleVM 3.4 : curl (OVMSA-2020-0035)

2020-09-02 00:00:00

Debian DLA-711-1 : curl security update

2016-11-18 00:00:00

cvelist

CVE-2016-8615

2018-08-01 06:00:00

cve

CVE-2016-8615

2018-08-01 06:29:00

veracode

Cookie Injection

2018-08-17 07:05:06

nvd

CVE-2016-8615

2018-08-01 06:29:00

ibm

Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)

2018-06-18 01:36:39

Security Bulletin: Vulnerabilities in cURL affect IBM Flex System Chassis Management Module (CMM)

2019-01-31 02:25:02

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl

2019-01-31 02:25:02

archlinux

[ASA-201611-8] libcurl-compat: multiple issues

2016-11-03 00:00:00

[ASA-201611-9] libcurl-gnutls: multiple issues

2016-11-03 00:00:00

[ASA-201611-5] lib32-libcurl-compat: multiple issues

2016-11-02 00:00:00

debian

[SECURITY] [DLA 711-1] curl security update

2016-11-17 21:45:07

[SECURITY] [DSA 3705-1] curl security update

2016-11-03 23:07:00

openvas

Debian: Security Advisory (DLA-711-1)

2023-03-08 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2017-1036)

2020-01-23 00:00:00

Debian Security Advisory DSA 3705-1 (curl - security update)

2016-11-03 00:00:00

fedora

[SECURITY] Fedora 24 Update: curl-7.47.1-9.fc24

2016-11-06 00:28:22

[SECURITY] Fedora 25 Update: curl-7.51.0-1.fc25

2016-11-19 21:51:02

oraclelinux

curl security update

2020-10-06 00:00:00

curl security and bug fix update

2019-07-30 00:00:00

curl security and bug fix update

2019-08-13 00:00:00

amazon

Medium: curl

2016-11-10 18:00:00

suse

Security update for curl (important)

2016-11-02 16:07:53

Security update for curl (important)

2016-11-03 15:08:42

Security update for curl (important)

2016-11-10 17:06:47

freebsd

cURL -- multiple vulnerabilities

2016-11-02 00:00:00

altlinux

Security fix for the ALT Linux 8 package curl version 7.51.0-alt1

2016-11-02 00:00:00

slackware

[slackware-security] curl

2016-11-04 03:34:42

cloudfoundry

USN-3123-1: curl vulnerabilities | Cloud Foundry

2016-12-13 00:00:00

ubuntu

curl vulnerabilities

2016-11-03 00:00:00

mageia

Updated curl packages fix security vulnerability

2018-01-03 19:40:26

gentoo

cURL: Multiple vulnerabilities

2017-01-19 00:00:00

rosalinux

Advisory ROSA-SA-2021-1818

2021-07-02 16:36:57

redhat

(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2018-08-16 16:05:21

(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update

2018-11-13 08:00:33

apple

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite

2016-12-13 00:00:00

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support

2020-07-27 08:14:17

oracle

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for PRION:CVE-2016-8615