Detections
Analytics
Amazon Linux AMI : curl (ALAS-2013-210)
medium Nessus Plugin ID 69768
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.Solution
Run 'yum update curl' to update your system.See Also
Plugin Details
Severity: Medium
ID: 69768
File Name: ala_ALAS-2013-210.nasl
Version: 1.5
Type: local
Agent: unix
Published: 9/4/2013
Updated: 4/18/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.5
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:curl, p-cpe:/a:amazon:linux:curl-debuginfo, p-cpe:/a:amazon:linux:libcurl, p-cpe:/a:amazon:linux:libcurl-devel, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 7/12/2013
Reference Information
CVE: CVE-2013-1944
ALAS: 2013-210