36 matches found
MiracleLinux 3 : curl-7.15.5-16.AXS3 (AXSA:2013-417:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-417:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...
MiracleLinux 4 : curl-7.19.7-36.AXS4 (AXSA:2013-429:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-429:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...
K15875: cURL vulnerability CVE-2013-1944
Security Advisory Description: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. (CVE-2013-1944) Impact: Allows unauthorized...
SUSE: Security Advisory (SUSE-SU-2013:0773-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE: Security Advisory (SUSE-SU-2013:0772-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle: Security Advisory (ELSA-2013-0771)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Gentoo Security Advisory GLSA 201401-14
Gentoo Linux Local Security Checks GLSA 201401-14. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
F5 Networks BIG-IP : cURL vulnerability (SOL15875)
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. (CVE-2013-1944) (C) Tenable Network Security, Inc. The descriptive text and...
SOL15875 - cURL vulnerability CVE-2013-1944
Recommended action: If the previous table lists a version in the "Versions known to be not vulnerable" column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...
openSUSE Security Update : curl (openSUSE-SU-2013:0876-1)
libcurl was updated to fix a cookie tail matching flaw which could lead to attackers gaining cookie access depending on domain names. (CVE-2013-1944, bnc#814655) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
Fedora Update for curl FEDORA-2013-11574
The remote host is missing an update for the... SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle Linux 5 / 6 : curl (ELSA-2013-0771)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0771 advisory. 7.19.7-36 - fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944). Tenable has extracted the preceding description block directly from the...
Medium: curl
Issue Overview: The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Affected Packages: curl. Issue Correction: Run yum update...
SuSE 10 Security Update : libcurl4 (ZYPP Patch Number 8618) (BEAST)
This update of curl fixes several security issues: - libcurl URL decode buffer boundary flaw. (bnc#824517 / CVE-2013-2174) - cookie domain tailmatch. (bnc#814655 / CVE-2013-1944) - curl sets SSL_OP_ALL. (bnc#742306 / CVE-2011-3389) - When SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly...
SuSE 10 Security Update : curl, curl (ZYPP Patch Number 8550)
This update fixes the cookie domain tailmatch vulnerability in curl. CVE-2013-1944 has been assigned to this issue. Also the CA-Cert Bundle has been updated to the current state. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8557)
This update of compat-curl2 fixes several security issues: - fixes for the cookie domain tailmatch vulnerability. (bnc#814655) - updated curl CA-Cert Bundle. (bnc#810010) - fixes for a potential BEAST attack. (bnc#742306) (C) Tenable Network Security, Inc. The text description of this...
SuSE 11.2 Security Update : curl (SAT Patch Number 7633)
This update fixes the cookie domain tailmatch vulnerability in curl. CVE-2013-1944 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...
Fedora 18 : curl-7.27.0-9.fc18 (2013-6766)
- prevent an artificial timeout event due to stale speed-check data (#906031) - show proper host name on failed resolve (#957173) - fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora 19 : curl-7.29.0-6.fc19 (2013-6780)
- prevent an artificial timeout event due to stale speed-check data (#906031) - show proper host name on failed resolve (#957173) - fix cookie tailmatching to prevent cross-domain leakage (CVE-2013-1944). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL...