CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:N/I:P/A:N

libcurl.so is vulnerable to a same-origin policy bypass. libcurl's cookie parser has no public suffix awareness, so setting a cookie for a top-level domain could allow cookies to be set for arbitrary sites.

CPE | Name | Operator | Version |
---|---|---|---|
 | libcurl.so | le | 4.7.0 |

curl.haxx.se/docs/adv_20140910B.html
kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
www.debian.org/security/2014/dsa-3022
www.openwall.com/lists/oss-security/2022/05/11/2
www.securityfocus.com/bid/69742
github.com/curl/curl/commit/a76825a5efa6b41d3a1d4f275dada2f017f6f566
support.apple.com/kb/HT205031