Lucene search

K
myhack58佚名MYHACK58:62201453600
HistorySep 13, 2014 - 12:00 a.m.

cURL/libcURL Cookie handling remote security bypass Vulnerability(CVE-2 0 1 4-3 6 2 0)-vulnerability warning-the black bar safety net

2014-09-1300:00:00
佚名
www.myhack58.com
64

EPSS

0.006

Percentile

77.8%

Affected system:

cURL cURL 7.31.0 - 7.37.1

Description:

BUGTRAQ ID: 6 9 7 4 2

CVE(CAN) ID: CVE-2 0 1 4-3 6 2 0

cURL/libcURL is a command-line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP.

cURL/libcURL 7.31.0 - 7.37.1 version error for TLD set a cookie, in the realization on the presence of a remote security restriction bypass vulnerability, an attacker can exploit this vulnerability to bypass security restrictions, perform unauthorized actions.

<*source: Tim Ruehsen *>

cURL

-—

The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:

<http://curl.haxx.se/&gt;

Patch: <http://curl.haxx.se/CVE-2014-3620.patch&gt;

References: <http://curl.haxx.se/docs/adv_20140910B.html&gt;