Lucene search

Veracode Vulnerability DatabaseVERACODE:7271

HistoryAug 13, 2018 - 3:00 a.m.

Same Origin Policy Bypass

2018-08-1303:00:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

libcurl.so is vulnerable to same origin policy bypass. This is due to the libcurl’s cookie parser having no public suffix awareness, which could allow for cookies to be set for arbitrary sites by setting a cookie for a top-level domain.

CPENameOperatorVersion
libcurl.sole4.7.0
libcurl.sole4.7.0

CPE	Name	Operator	Version
	libcurl.so	le	4.7.0
	libcurl.so	le	4.7.0

References

curl.haxx.se/docs/adv_20140910B.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

www.debian.org/security/2014/dsa-3022

www.openwall.com/lists/oss-security/2022/05/11/2

www.securityfocus.com/bid/69742

curl.haxx.se/docs/adv_20140910B.html

github.com/curl/curl/commit/a76825a5efa6b41d3a1d4f275dada2f017f6f566

support.apple.com/kb/HT205031

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:7271