Lucene search
+L

149 matches found

OSV
OSV
added 2015/04/30 1:27 p.m.6 views

USN-2591-1 curl vulnerabilities

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. CVE-2015-3143 Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially...

9CVSS7.2AI score0.3763EPSS
Exploits0References6
CNVD
CNVD
added 2015/04/27 12:0 a.m.3 views

cURL and libcurl Denial of Service Vulnerabilities (CNVD-2015-02753)

CURL is a set of file transfer tools that utilize URL syntax to work at the command line.Libcurl is a free, open source client-side URL transfer library. A security vulnerability exists in the 'sanitizecookiepath' function in Haxx cURL and libcurl versions 7.31.0 through 7.41.0, which stems from...

7.5CVSS7AI score0.3763EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/04/27 12:0 a.m.32 views

Fedora 22 : curl-7.40.0-3.fc22 (2015-6695)

require credentials to match for NTLM re-use CVE-2015-3143 - fix invalid write with a zero-length host name in URL CVE-2015-3144 - fix invalid write in cookie path sanitization code CVE-2015-3145 - close Negotiate connections when done CVE-2015-3148 Note that Tenable Network Security has...

9CVSS7.5AI score0.3763EPSS
Exploits0References9
OSV
OSV
added 2015/04/24 2:59 p.m.4 views

DEBIAN-CVE-2015-3145

The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...

7.5CVSS7.4AI score0.3763EPSS
Exploits0References1
OSV
OSV
added 2015/04/24 2:59 p.m.11 views

CVE-2015-3145

The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...

7.5CVSS6.9AI score0.3763EPSS
Exploits0References20
Prion
Prion
added 2015/04/24 2:59 p.m.26 views

Out-of-bounds

The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...

7.5CVSS7.5AI score0.3763EPSS
Exploits0References20Affected Software9
curl security advisories
curl security advisories
added 2015/04/22 8:0 a.m.8 views

cookie parser out of boundary memory access

libcurl supports HTTP "cookies" as documented in RFC 6265. Together with each individual cookie there are several different properties, but for this vulnerability we focus on the associated "path" element. It tells information about for which path on a given host the cookie is valid. The internal...

7.5CVSS8AI score0.3763EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2015/04/22 12:0 a.m.8 views

PT-2015-6076 · Curl +4 · Libcurl +4

Name of the Vulnerable Software and Affected Versions: libcurl versions 7.31.0 through 7.41.0 Description: The issue arises from the sanitize cookie path function not properly validating input, specifically when encountering a cookie path containing only a double-quote character. This can lead to...

9.8CVSS8.3AI score0.3763EPSS
Exploits12References92
UbuntuCve
UbuntuCve
added 2015/04/22 12:0 a.m.34 views

CVE-2015-3145

The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...

7.5CVSS7.2AI score0.3763EPSS
Exploits0References3
OSV
OSV
added 2015/04/22 12:0 a.m.4 views

UBUNTU-CVE-2015-3145

The sanitizecookiepath function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly have other unspecified impact via a cookie path containing only a double-quote...

7.5CVSS7.2AI score0.3763EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Apple Safari 1.x Cookie Path Traversal Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content,...

7.1AI score
Exploits0
Prion
Prion
added 2013/07/03 1:54 p.m.19 views

Path traversal

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path...

4CVSS6.5AI score0.00842EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2013/07/03 10:0 a.m.28 views

CVE-2013-0456

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to hijack sessions via a modified cookie path...

6.1AI score0.00842EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2011/06/06 12:0 a.m.27 views

Fedora 15 : phpMyAdmin-3.4.1-1.fc15 (2011-7684)

Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...

6AI score
Exploits0References2
NVD
NVD
added 2010/11/12 10:0 p.m.16 views

CVE-2010-3898

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator aka ESAdmin cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site...

5CVSS6.7AI score0.01351EPSS
Exploits1References4
Prion
Prion
added 2010/11/12 10:0 p.m.13 views

Authentication flaw

IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator aka ESAdmin cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site...

5CVSS7.2AI score0.01351EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2007/06/01 12:30 a.m.25 views

Path traversal

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via 1 a large cookie path parameter, which triggers memory consumption, or 2 an internal delimiter within cookie path or name values, which could trigg...

4.3CVSS6.5AI score0.07831EPSS
Exploits0References36Affected Software2
UbuntuCve
UbuntuCve
added 2007/06/01 12:30 a.m.29 views

CVE-2007-1362

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via 1 a large cookie path parameter, which triggers memory consumption, or 2 an internal delimiter within cookie path or name values, which could trigg...

4.3CVSS6AI score0.07831EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2007/05/31 2:47 a.m.3 views

Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via 1 a large cookie path parameter, which triggers memory consumption, or 2 an internal delimiter within cookie path or name values, which could trigg...

6.8CVSS6.3AI score0.13847EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/05/31 1:50 a.m.7 views

Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via 1 a large cookie path parameter, which triggers memory consumption, or 2 an internal delimiter within cookie path or name values, which could trigg...

6.8CVSS6.3AI score0.13847EPSS
Exploits0References4
Rows per page
Query Builder