cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
http://curl.haxx.se/docs/adv_20140910A.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-1254.html
http://www.debian.org/security/2014/dsa-3022
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
OR
cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* versions up to 7.37.1 (inclusive)
OR
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* versions up to 7.37.1 (inclusive)
OR
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.4 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125002 | EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549) | Nessus | Huawei Local Security Checks | high |
87554 | Scientific Linux Security Update : curl on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | medium |
87138 | CentOS 7 : curl (CESA-2015:2159) | Nessus | CentOS Local Security Checks | medium |
87028 | Oracle Linux 7 : curl (ELSA-2015-2159) | Nessus | Oracle Linux Local Security Checks | medium |
86934 | RHEL 7 : curl (RHSA-2015:2159) | Nessus | Red Hat Local Security Checks | medium |
8981 | Mac OS X < 10.10.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
85408 | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
85191 | Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722) | Nessus | Scientific Linux Local Security Checks | medium |
85148 | OracleVM 3.3 : curl (OVMSA-2015-0107) | Nessus | OracleVM Local Security Checks | medium |
85096 | Oracle Linux 6 : curl (ELSA-2015-1254) | Nessus | Oracle Linux Local Security Checks | medium |
85009 | CentOS 6 : curl (CESA-2015:1254) | Nessus | CentOS Local Security Checks | medium |
84912 | RHEL 6 : curl (RHSA-2015:1254) | Nessus | Red Hat Local Security Checks | medium |
82351 | Mandriva Linux Security Advisory : curl (MDVSA-2015:098) | Nessus | Mandriva Local Security Checks | medium |
82209 | Debian DLA-64-1 : curl security update | Nessus | Debian Local Security Checks | medium |
81121 | SuSE 11.3 Security Update : curl (SAT Patch Number 10166) | Nessus | SuSE Local Security Checks | medium |
80663 | Oracle Solaris Third-Party Patch Update : libcurl (cve_2014_3613_cookie_leak) | Nessus | Solaris Local Security Checks | medium |
80325 | Fedora 21 : mingw-curl-7.39.0-1.fc21 (2014-17601) | Nessus | Fedora Local Security Checks | medium |
80324 | Fedora 20 : mingw-curl-7.39.0-1.fc20 (2014-17596) | Nessus | Fedora Local Security Checks | medium |
78350 | Amazon Linux AMI : curl (ALAS-2014-407) | Nessus | Amazon Linux Local Security Checks | medium |
78093 | Fedora 19 : curl-7.29.0-23.fc19 (2014-10714) | Nessus | Fedora Local Security Checks | medium |
77887 | Mandriva Linux Security Advisory : curl (MDVSA-2014:187) | Nessus | Mandriva Local Security Checks | medium |
77792 | Fedora 21 : curl-7.37.0-7.fc21 (2014-10679) | Nessus | Fedora Local Security Checks | medium |
77734 | openSUSE Security Update : curl (openSUSE-SU-2014:1139-1) | Nessus | SuSE Local Security Checks | medium |
77701 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : curl vulnerabilities (USN-2346-1) | Nessus | Ubuntu Local Security Checks | medium |
77677 | Fedora 20 : curl-7.32.0-13.fc20 (2014-10741) | Nessus | Fedora Local Security Checks | medium |
8385 | cURL/libcURL 7.x < 7.38.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
77611 | Debian DSA-3022-1 : curl - security update | Nessus | Debian Local Security Checks | medium |