Lucene search

K

Veracode Vulnerability DatabaseVERACODE:7274

HistoryAug 13, 2018 - 3:18 a.m.

Cookie Leak

2018-08-1303:18:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

0.006 Low

EPSS

Percentile

78.0%

libcurl.so is vulnerable to cookie leak. A remote attacker is able to set or send arbitrary cookies for certain sites. libcurl.so parses IP addresses similar to domain names, where a site with an IP address of 192.168.0.1 can set or send cookies for another site ending with .168.0.1.

CPENameOperatorVersion
libcurl.sole4.3.0

References

curl.haxx.se/docs/adv_20140910A.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

rhn.redhat.com/errata/RHSA-2015-1254.html

www.debian.org/security/2014/dsa-3022

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/69748

curl.haxx.se/docs/adv_20140910A.html

github.com/curl/curl/commit/8a75dbeb2305297640453029b7905ef51b87e8dd

support.apple.com/kb/HT205031

0.006 Low

EPSS

Percentile

78.0%

Related for VERACODE:7274

prion1 veracode2 openvas25 nessus28 osv2 debiancve1 cve1 debian2 mageia2 nvd1 ubuntucve1 cvelist1 suse1 ubuntu1 amazon1 ibm11 fedora6 securityvulns5 f52 oraclelinux2 redhat2 centos2 photon2 oracle2