Lucene search

K
cvelistRedhatCVELIST:CVE-2014-3613
HistoryNov 18, 2014 - 3:00 p.m.

CVE-2014-3613

2014-11-1815:00:00
redhat
www.cve.org

9.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.7%

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.