Page 3 of 15 results (0.009 seconds)

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL y libcurl anteriores a 7.38.0 no manejan correctamente las direcciones IP en nombres de dominio de cookies, lo que permite a atacantes remotos usar cookies definidas por ellos mismos o enviar cookies arbitrarias a ciertos sitios, como originada por un sitio en 192.168.0.1 estableciendo las cookies para un sitio en 127.168.0.1. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. • http://curl.haxx.se/docs/adv_20140910A.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-1254.html http://www.debian.org/security/2014/dsa-3022 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936&# • CWE-284: Improper Access Control CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. cURL y libcurl anteriores a 7.38.0 permite a atacantes remotos evadir Same Origin Policy y configurar cookies para sitios arbitrarios mediante la configuración de una cookie de un dominio de nivel superior. • http://curl.haxx.se/docs/adv_20140910B.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html http://www.debian.org/security/2014/dsa-3022 http://www.openwall.com/lists/oss-security/2022/05/11/2 http://www.securityfocus.com/bid/69742 https://support.apple.com/kb/HT205031 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 131EXPL: 0

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. La función tailMatch en cookie.c en cURL y libcurl antes de v7.30.0 no comprueba correctamente la ruta del dominio al enviar las cookies, lo que permite robar las cookies a atacantes remotos a través de un sufijo coincidente en el dominio de una URL. • http://curl.haxx.se/docs/adv_20130412.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. lib/ssluse.c en cURL y libcurl v7.4 hasta v7.19.5, cuando se usa OpenSSL, no maneja de forma aecuada el caracter '\0' en un nombre de dominio en el campo sujeto del Common Name (CN) de un certificado X.509, lo que permite a atacantes de hombre en el medio hacer un spoofing de servidores SSL a través de la un certificado de una autoridad de Certificación legítima, manipulado, relativo a CVE_2009-2408. • http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417 • CWE-310: Cryptographic Issues •

CVSS: 6.8EPSS: 0%CPEs: 80EXPL: 2

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de localización a elección del usuario, lo que permite a servidores HTTP remotos (1)iniciar peticiones arbitrarias a servidores de red interna, (2) leer o sobreescribir ficheros arbitrariamente a través de una redirección a un fichero: URL, o (3) ejecutar comando arbitrariamente a través de una redirección a un scp: URL. libcURL suffers from an arbitrary file access and creation vulnerability. • https://www.exploit-db.com/exploits/32834 http://curl.haxx.se/docs/adv_20090303.html http://curl.haxx.se/lxr/source/CHANGES http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34237 http://secunia.com/advisories&# • CWE-352: Cross-Site Request Forgery (CSRF) •