Lucene search

[email protected]NVD:CVE-2013-1944

HistoryApr 29, 2013 - 10:55 p.m.

CVE-2013-1944

2013-04-2922:55:08

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Affected configurations

NVD

Node

haxxcurlRange≤7.29.0

haxxcurlMatch6.0

haxxcurlMatch6.1

haxxcurlMatch6.1beta

haxxcurlMatch6.2

haxxcurlMatch6.3

haxxcurlMatch6.3.1

haxxcurlMatch6.4

haxxcurlMatch6.5

haxxcurlMatch6.5.1

haxxcurlMatch6.5.2

haxxcurlMatch7.1

haxxcurlMatch7.1.1

haxxcurlMatch7.2

haxxcurlMatch7.2.1

haxxcurlMatch7.3

haxxcurlMatch7.4

haxxcurlMatch7.4.1

haxxcurlMatch7.4.2

haxxcurlMatch7.5.1

haxxcurlMatch7.5.2

haxxcurlMatch7.6

haxxcurlMatch7.6.1

haxxcurlMatch7.7

haxxcurlMatch7.7.1

haxxcurlMatch7.7.2

haxxcurlMatch7.7.3

haxxcurlMatch7.8

haxxcurlMatch7.8.1

haxxcurlMatch7.9

haxxcurlMatch7.9.1

haxxcurlMatch7.9.2

haxxcurlMatch7.9.3

haxxcurlMatch7.9.4

haxxcurlMatch7.9.5

haxxcurlMatch7.9.6

haxxcurlMatch7.9.7

haxxcurlMatch7.9.8

haxxcurlMatch7.10

haxxcurlMatch7.10.1

haxxcurlMatch7.10.2

haxxcurlMatch7.10.3

haxxcurlMatch7.10.4

haxxcurlMatch7.10.5

haxxcurlMatch7.10.6

haxxcurlMatch7.10.7

haxxcurlMatch7.10.8

haxxcurlMatch7.11.0

haxxcurlMatch7.11.1

haxxcurlMatch7.11.2

haxxcurlMatch7.12.0

haxxcurlMatch7.12.1

haxxcurlMatch7.12.2

haxxcurlMatch7.12.3

haxxcurlMatch7.13.0

haxxcurlMatch7.13.1

haxxcurlMatch7.13.2

haxxcurlMatch7.14.0

haxxcurlMatch7.14.1

haxxcurlMatch7.15.0

haxxcurlMatch7.15.1

haxxcurlMatch7.15.2

haxxcurlMatch7.15.3

haxxcurlMatch7.15.4

haxxcurlMatch7.15.5

haxxcurlMatch7.16.0

haxxcurlMatch7.16.1

haxxcurlMatch7.16.2

haxxcurlMatch7.16.3

haxxcurlMatch7.16.4

haxxcurlMatch7.17.0

haxxcurlMatch7.17.1

haxxcurlMatch7.18.0

haxxcurlMatch7.18.1

haxxcurlMatch7.18.2

haxxcurlMatch7.19.0

haxxcurlMatch7.19.1

haxxcurlMatch7.19.2

haxxcurlMatch7.19.3

haxxcurlMatch7.19.4

haxxcurlMatch7.19.5

haxxcurlMatch7.19.6

haxxcurlMatch7.19.7

haxxcurlMatch7.20.0

haxxcurlMatch7.20.1

haxxcurlMatch7.21.0

haxxcurlMatch7.21.1

haxxcurlMatch7.21.2

haxxcurlMatch7.21.3

haxxcurlMatch7.21.4

haxxcurlMatch7.21.5

haxxcurlMatch7.21.6

haxxcurlMatch7.21.7

haxxcurlMatch7.22.0

haxxcurlMatch7.23.0

haxxcurlMatch7.23.1

haxxcurlMatch7.24.0

haxxcurlMatch7.25.0

haxxcurlMatch7.26.0

haxxcurlMatch7.27.0

haxxcurlMatch7.28.0

haxxcurlMatch7.28.1

Node

haxxlibcurlRange≤7.29.0

haxxlibcurlMatch7.14.0

haxxlibcurlMatch7.14.1

haxxlibcurlMatch7.15.0

haxxlibcurlMatch7.15.1

haxxlibcurlMatch7.15.2

haxxlibcurlMatch7.15.3

haxxlibcurlMatch7.15.4

haxxlibcurlMatch7.15.5

haxxlibcurlMatch7.16.0

haxxlibcurlMatch7.16.2

haxxlibcurlMatch7.16.3

haxxlibcurlMatch7.16.4

haxxlibcurlMatch7.17.0

haxxlibcurlMatch7.17.1

haxxlibcurlMatch7.18.0

haxxlibcurlMatch7.18.2

haxxlibcurlMatch7.19.3

haxxlibcurlMatch7.20.0

haxxlibcurlMatch7.21.2

haxxlibcurlMatch7.22.0

haxxlibcurlMatch7.23.0

haxxlibcurlMatch7.28.0

haxxlibcurlMatch7.28.1

Node

canonicalubuntu_linuxMatch8.04-lts

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

References

curl.haxx.se/docs/adv_20130412.html

lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html

lists.opensuse.org/opensuse-updates/2013-06/msg00013.html

lists.opensuse.org/opensuse-updates/2013-06/msg00016.html

rhn.redhat.com/errata/RHSA-2013-0771.html

secunia.com/advisories/53044

secunia.com/advisories/53051

secunia.com/advisories/53097

www.debian.org/security/2012/dsa-2660

www.mandriva.com/security/advisories?name=MDVSA-2013:151

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.osvdb.org/92316

www.securityfocus.com/bid/59058

www.ubuntu.com/usn/USN-1801-1

bugzilla.redhat.com/show_bug.cgi?id=950577

github.com/bagder/curl/commit/2eb8dcf26cb37f09cffe26909a646e702dbcab66

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for NVD:CVE-2013-1944

nessus27 openvas29 osv1 f52 cve1 fedora8 ubuntu1 veracode1 debiancve1 securityvulns2 seebug1 amazon1 debian1 oraclelinux1 centos1 ubuntucve1 prion1 redhat1 cvelist1 gentoo1 photon2