Amazon Linux AMI : curl Information Disclosure Vulnerability (ALAS-2013-210)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against
libcurl sending the wrong cookie if only part of the domain name
matched the domain associated with the cookie, disclosing the cookie
to unrelated hosts.
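
The following is an added illustration, not libcurl's code and not part of the original advisory. It contrasts a bare suffix comparison, one way "only part of the domain name" can match, with a check that also requires a label boundary. The function names and hostnames are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive test: does host end with suffix? */
static int ends_with(const char *host, const char *suffix)
{
    size_t hlen = strlen(host), slen = strlen(suffix);
    if (slen == 0 || slen > hlen)
        return 0;
    host += hlen - slen;
    while (*suffix) {
        if (tolower((unsigned char)*host++) != tolower((unsigned char)*suffix++))
            return 0;
    }
    return 1;
}

/* Flawed pattern: suffix comparison only, with no check of what precedes it. */
static int suffix_only_match(const char *cookie_domain, const char *host)
{
    return ends_with(host, cookie_domain);
}

/* Boundary-aware pattern: the host equals the cookie domain, or the matched
 * suffix begins right after a '.' label separator. IP-address and
 * public-suffix handling are deliberately left out of this sketch. */
static int domain_match(const char *cookie_domain, const char *host)
{
    size_t hlen, dlen;
    if (*cookie_domain == '.')      /* a leading dot on the cookie domain is ignored */
        cookie_domain++;
    if (!ends_with(host, cookie_domain))
        return 0;
    hlen = strlen(host);
    dlen = strlen(cookie_domain);
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed sample hosts checked against a cookie set for example.com. */
    static const char *hosts[] = { "example.com", "www.example.com", "notexample.com" };
    size_t i;
    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-16s suffix-only=%d boundary-aware=%d\n", hosts[i],
               suffix_only_match("example.com", hosts[i]),
               domain_match("example.com", hosts[i]));
    return 0;
}
```

Only the suffix-only check accepts notexample.com, an unrelated host that would then receive the cookie.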

See also :

http://www.nessus.org/u?74f65e3b

Solution :

Run 'yum update curl' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69768

Bugtraq ID:

CVE ID: CVE-2013-1944