CVE-2015-3145

HIGH

Description

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

References

http://advisories.mageia.org/MGASA-2015-0179.html

http://curl.haxx.se/docs/adv_20150422C.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html

http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html

http://www.debian.org/security/2015/dsa-3232

http://www.mandriva.com/security/advisories?name=MDVSA-2015:219

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.securityfocus.com/bid/74303

http://www.securitytracker.com/id/1032232

http://www.ubuntu.com/usn/USN-2591-1

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

https://security.gentoo.org/glsa/201509-02

https://support.apple.com/kb/HT205031

Details

Source: MITRE

Published: 2015-04-24

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*

cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* versions up to 7.5.3.1 (inclusive)

Configuration 8

OR

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 90251 | HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK) | Nessus | Web Servers | high |
| 90150 | HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam) | Nessus | Web Servers | critical |
| 86662 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2015-302-01) | Nessus | Slackware Local Security Checks | high |
| 8981 | Mac OS X < 10.10.5 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | high |
| 86133 | GLSA-201509-02 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 8863 | cURL / libcURL 7.x < 7.42.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 85408 | Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 83988 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0990-1) | Nessus | SuSE Local Security Checks | high |
| 83243 | Mandriva Linux Security Advisory : curl (MDVSA-2015:219) | Nessus | Mandriva Local Security Checks | high |
| 83237 | Fedora 21 : mingw-curl-7.42.0-1.fc21 (2015-6853) | Nessus | Fedora Local Security Checks | high |
| 83212 | Fedora 22 : mingw-curl-7.42.0-1.fc22 (2015-6864) | Nessus | Fedora Local Security Checks | high |
| 83208 | Fedora 21 : curl-7.37.0-14.fc21 (2015-6728) | Nessus | Fedora Local Security Checks | high |
| 83182 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : curl vulnerabilities (USN-2591-1) | Nessus | Ubuntu Local Security Checks | high |
| 83159 | openSUSE Security Update : curl (openSUSE-2015-336) | Nessus | SuSE Local Security Checks | high |
| 83128 | Fedora 20 : curl-7.32.0-20.fc20 (2015-6712) | Nessus | Fedora Local Security Checks | high |
| 83078 | Fedora 22 : curl-7.40.0-3.fc22 (2015-6695) | Nessus | Fedora Local Security Checks | high |
| 83057 | Amazon Linux AMI : curl (ALAS-2015-514) | Nessus | Amazon Linux Local Security Checks | high |
| 83003 | Debian DSA-3232-1 : curl - security update | Nessus | Debian Local Security Checks | high |