Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/19 12:0 a.m.47 views

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1543)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

6.5CVSS6.3AI score0.01685EPSS
Exploits2References3
OSV
OSV
added 2024/03/18 6:29 p.m.8 views

CLSA-2024-1710786562 Fix CVE(s): CVE-2023-46218

SECURITY UPDATE: Improper cookie domain verification allows malicious HTTP server to set 'super cookies' in package - debian/control: Build-Depends: add libpsl-dev - debian/patches/CVE-2023-46218.patch: Lowercase domain names before PSL checks to ensure proper comparison - CVE-2023-46218...

6.5CVSS6.8AI score0.01685EPSS
Exploits1References1
OSV
OSV
added 2024/03/14 5:16 p.m.7 views

CLSA-2024-1710436611 Fix CVE(s): CVE-2023-46218

SECURITY UPDATE: Insecure cookie domain verification - debian/patches/CVE-2023-46218.patch: lowercase domain names before PSL checks to fix cookie domain validation - CVE-2023-46218...

6.5CVSS6.7AI score0.01685EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2024/02/21 7:57 a.m.53 views

K000138650: cURL vulnerability CVE-2023-46218

Security Advisory Description This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It...

6.5CVSS6.6AI score0.01685EPSS
Exploits1Affected Software9
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.58 views

Curl 7.46.0 <= 8.4.0 Information Disclosure (CVE-2023-46218)

The version of Curl installed on the remote host is between 7.46.0 and 8.4.0. It is, therefore, affected by an information disclosure vulnerability. A mixed case flaw in Curl's function that verifies a given cookie domain against the Public Suffix List PSL allows a malicious HTTP server to set...

6.5CVSS6.4AI score0.01685EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2023/12/11 8:0 a.m.2 views

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.

...

6.5CVSS6.7AI score0.01685EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/12/07 2:5 a.m.4 views

SUSE CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

4.2CVSS6.8AI score0.01685EPSS
Exploits1References41
OSV
OSV
added 2023/12/07 1:15 a.m.3 views

ALPINE-CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.7AI score0.01685EPSS
Exploits1References1
OSV
OSV
added 2023/12/06 7:0 a.m.3 views

UBUNTU-CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS6.6AI score0.01685EPSS
Exploits1References5
Rows per page
Query Builder