Lucene search

K
ubuntuUbuntuUSN-2346-1
HistorySep 15, 2014 - 12:00 a.m.

curl vulnerabilities

2014-09-1500:00:00
ubuntu.com
43

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.4

Confidence

Low

EPSS

0.006

Percentile

78.0%

Releases

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04
  • Ubuntu 10.04

Packages

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

Tim Ruehsen discovered that curl incorrectly handled partial literal IP
addresses. This could lead to the disclosure of cookies to the wrong site,
and malicious sites being able to set cookies for others. (CVE-2014-3613)

Tim Ruehsen discovered that curl incorrectly allowed cookies to be set
for Top Level Domains (TLDs). This could allow a malicious site to set a
cookie that gets sent to other sites. (CVE-2014-3620)

Rows per page:
1-10 of 261

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.4

Confidence

Low

EPSS

0.006

Percentile

78.0%