Lucene search
Ubuntu.comUB:CVE-2014-3620HistorySep 10, 2014 - 12:00 a.m.
CVE-2014-3620
2014-09-1000:00:00
ubuntu.com
ubuntu.com
15
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.8%
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same
Origin Policy and set cookies for arbitrary sites by setting a cookie for a
top-level domain.
Notes
| Author | Note |
|---|---|
| jdstrand | per upstream, only 7.31.0 to and including 7.37.1 |
| mdeslaur | introduced by https://github.com/bagder/curl/commit/85b9dc8023 |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1179)
2020-01-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-407)
2015-09-08 00:00:00
Ubuntu: Security Advisory (USN-2346-1)
2014-09-16 00:00:00
myhack58
myhack58
cve
cve
CVE-2014-3620
2014-11-18 15:59:01
prion
prion
Design/Logic Flaw
2014-11-18 15:59:00
debiancve
debiancve
CVE-2014-3620
2014-11-18 15:59:01
nessus
nessus
EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1179)
2019-04-09 00:00:00
Fedora 19 : curl-7.29.0-23.fc19 (2014-10714)
2014-10-09 00:00:00
Amazon Linux AMI : curl (ALAS-2014-407)
2014-10-12 00:00:00
veracode
veracode
Same Origin Policy Bypass
2018-08-13 03:00:56
cvelist
cvelist
CVE-2014-3620
2014-11-18 15:00:00
nvd
nvd
CVE-2014-3620
2014-11-18 15:59:01
ibm
ibm
Security Bulletin: Multiple vulnerabilities in cURL libcURL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2014-3613 CVE-2014-3620)
2018-06-17 14:50:46
securityvulns
securityvulns
libcurl information leakage
2014-09-15 00:00:00
[SECURITY] [DSA 3022-1] curl security update
2014-09-15 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
suse
suse
curl (important)
2014-09-17 23:04:13
ubuntu
ubuntu
curl vulnerabilities
2014-09-15 00:00:00
debian
debian
[SECURITY] [DSA 3022-1] curl security update
2014-09-10 17:51:18
osv
osv
curl - security update
2014-09-10 00:00:00
hackerone
hackerone
curl: CVE-2022-27779: cookie for trailing dot TLD
2022-04-28 08:30:28
amazon
amazon
Medium: curl
2014-09-17 21:45:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2014-09-24 20:44:28
fedora
fedora
[SECURITY] Fedora 21 Update: curl-7.37.0-7.fc21
2014-09-23 04:25:49
[SECURITY] Fedora 20 Update: curl-7.32.0-13.fc20
2014-09-14 03:27:04
[SECURITY] Fedora 20 Update: curl-7.32.0-15.fc20
2014-11-10 06:44:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0420
2023-07-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.8%
Related for UB:CVE-2014-3620