Affected system:
cURL cURL 7.31.0 - 7.37.1
Description:
BUGTRAQ ID: 6 9 7 4 2
CVE(CAN) ID: CVE-2 0 1 4-3 6 2 0
cURL/libcURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP.
cURL/libcURL 7.31.0 - 7.37.1 version error for TLD set a cookie, in the realization on the presence of a remote security restriction bypass vulnerability, an attacker can exploit this vulnerability to bypass security restrictions, perform unauthorized actions.
<*source: Tim Ruehsen *>
cURL
-—
The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:
Patch: <http://curl.haxx.se/CVE-2014-3620.patch>
References: <http://curl.haxx.se/docs/adv_20140910B.html>