CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3613 – curl: incorrect handling of IP addresses in cookie domain
https://notcve.org/view.php?id=CVE-2014-3613
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. cURL y libcurl anteriores a 7.38.0 no manejan correctamente las direcciones IP en nombres de dominio de cookies, lo que permite a atacantes remotos usar cookies definidas por ellos mismos o enviar cookies arbitrarias a ciertos sitios, como originada por un sitio en 192.168.0.1 estableciendo las cookies para un sitio en 127.168.0.1. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. • http://curl.haxx.se/docs/adv_20140910A.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-1254.html http://www.debian.org/security/2014/dsa-3022 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936&# • CWE-284: Improper Access Control CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 9%CPEs: 169EXPL: 1CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Desbordamiento de búfer basado en memoria dinámica en la función curl_easy_unescape en lib/escape.c en cURL y libcurl 7.7 a la 7.30.0, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código arbitrario a través de una cadena manipulada que termina con el carácter "%". • http://curl.haxx.se/docs/adv_20130622.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0983.html http://www.debian.org/security/2013/dsa-2713 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/60737 http://www.ubuntu.com/usn/USN-1894-1 https://github.com/bagder/curl/commit/192c4f788d48 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.0EPSS: 0%CPEs: 131EXPL: 0CVE-2013-1944 – curl: Cookie domain suffix match vulnerability
https://notcve.org/view.php?id=CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. La función tailMatch en cookie.c en cURL y libcurl antes de v7.30.0 no comprueba correctamente la ruta del dominio al enviar las cookies, lo que permite robar las cookies a atacantes remotos a través de un sufijo coincidente en el dominio de una URL. • http://curl.haxx.se/docs/adv_20130412.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 80EXPL: 2CVE-2009-0037 – cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
https://notcve.org/view.php?id=CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de localización a elección del usuario, lo que permite a servidores HTTP remotos (1)iniciar peticiones arbitrarias a servidores de red interna, (2) leer o sobreescribir ficheros arbitrariamente a través de una redirección a un fichero: URL, o (3) ejecutar comando arbitrariamente a través de una redirección a un scp: URL. libcURL suffers from an arbitrary file access and creation vulnerability. • https://www.exploit-db.com/exploits/32834 http://curl.haxx.se/docs/adv_20090303.html http://curl.haxx.se/lxr/source/CHANGES http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34237 http://secunia.com/advisories&# • CWE-352: Cross-Site Request Forgery (CSRF) •