Lucene search

K

PRIOn knowledge basePRION:CVE-2014-3613

HistoryNov 18, 2014 - 3:59 p.m.

Code injection

2014-11-1815:59:00

PRIOn knowledge base

www.prio-n.com

5

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.2%

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

CPENameOperatorVersion
mac_os_xle10.10.4
curleq7.35.0
curleq7.32.0
curleq7.33.0
curleq7.36.0
curlle7.37.1
curleq7.31.0
curleq7.34.0
curleq7.37.0
libcurleq7.37.0

Rows per page:

1-10 of 171

References

curl.haxx.se/docs/adv_20140910A.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

rhn.redhat.com/errata/RHSA-2015-1254.html

www.debian.org/security/2014/dsa-3022

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/69748

support.apple.com/kb/HT205031

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.2%

Related for PRION:CVE-2014-3613

veracode3 openvas25 osv2 nessus27 cve1 mageia2 ubuntucve1 debian2 debiancve1 suse1 ubuntu1 ibm11 amazon1 securityvulns5 fedora6 f52 redhat2 oraclelinux2 centos2 photon2 oracle2