Computer Security
[EN] securityvulns.ru no-pyccku


libcurl information leakage
Published:15.09.2014
Source:
SecurityVulns ID:13962
Type:library
Threat Level:
6/10
Description:Cookie can be leaked to wrong site.
Affected:CURL : libcurl 7.38
CVE:CVE-2014-3620 (cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.)
 CVE-2014-3613 (cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3022-1] curl security update (15.09.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod