Lucene search

K

RedhatCVELIST:CVE-2014-3613

HistoryNov 18, 2014 - 3:00 p.m.

CVE-2014-3613

2014-11-1815:00:00

redhat

www.cve.org

9.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

References

curl.haxx.se/docs/adv_20140910A.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

rhn.redhat.com/errata/RHSA-2015-1254.html

www.debian.org/security/2014/dsa-3022

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/69748

support.apple.com/kb/HT205031

9.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.8%

Related for CVELIST:CVE-2014-3613

openvas25 veracode3 prion1 debiancve1 cve1 nessus28 ubuntucve1 mageia2 nvd1 debian2 osv2 amazon1 ibm11 suse1 ubuntu1 fedora6 securityvulns5 f52 oraclelinux2 redhat2 centos2 photon2 oracle2