CVE-2014-3620

Related Files

Apple Security Advisory 2015-08-13-2

Posted Aug 13, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.

tags | advisory, vulnerability

systems | apple, osx

advisories | CVE-2009-5044, CVE-2009-5078, CVE-2012-6685, CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2013-7040, CVE-2013-7338, CVE-2013-7422, CVE-2014-0067, CVE-2014-0106, CVE-2014-0191, CVE-2014-1912, CVE-2014-3581, CVE-2014-3583, CVE-2014-3613, CVE-2014-3620, CVE-2014-3660, CVE-2014-3707, CVE-2014-7185, CVE-2014-7844, CVE-2014-8109, CVE-2014-8150, CVE-2014-8151, CVE-2014-8161, CVE-2014-8767, CVE-2014-8769

SHA-256 | 1ccd5f307af57152abb6e4f0da773ca4420fb7a6e98f26301366a9071ecc9a33

Download | Favorite | View

Mandriva Linux Security Advisory 2015-098

Posted Mar 30, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-098 - Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials. Various other issues were also addressed.

tags | advisory, web, protocol

systems | linux, mandriva

advisories | CVE-2014-0015, CVE-2014-0138, CVE-2014-0139, CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150

SHA-256 | 238c9d05fcd4c3b08f5247b6e8c3855e7a760b684bb0b2f4b2fd169a52c9dffc

Download | Favorite | View

Mandriva Linux Security Advisory 2014-187

Posted Sep 25, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-187 - In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to access the site. In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top Level Domains , thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.

tags | advisory, arbitrary

systems | linux, mandriva

advisories | CVE-2014-3613, CVE-2014-3620

SHA-256 | b3f22c75a92b1ce4ae6784727ffb767952bc3783b07b4700c6e473764db78e78

Download | Favorite | View

Ubuntu Security Notice USN-2346-1

Posted Sep 15, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2346-1 - Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2014-3613, CVE-2014-3620

SHA-256 | 569add75b7a86ea622af485c4086142e1e91cb1b462d2168fa594424e1de799c

Download | Favorite | View

Debian Security Advisory 3022-1

Posted Sep 11, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3022-1 - Two vulnerabilities have been discovered in cURL, an URL transfer library. They can be use to leak cookie information.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2014-3613, CVE-2014-3620

SHA-256 | 5c7afe71736f0b0541d990e07c5812c715b4de0cb69860da5982335e93295eab

Download | Favorite | View