exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2013-1944

Status Candidate

Overview

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Related Files

Gentoo Linux Security Advisory 201401-14
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422
MD5 | 3ce972737b30b0c5dc026e59570caab5
Mandriva Linux Security Advisory 2013-151
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targetted attacks since registering domains using a known domain's name as an ending is trivial.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1944
MD5 | 4d4a3d293c2bcde61e955cf16eed1506
Red Hat Security Advisory 2013-0771-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0771-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2013-1944
MD5 | ef4893d680b58efebd80d07d6c7e0bce
Debian Security Advisory 2660-1
Posted Apr 20, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2660-1 - Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain 'ample.com' could accidentally also be sent by libcurl when communicating with 'example.com'.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1944
MD5 | 60cdd4c39c7b7c0f6d5d73fa37f5d619
Ubuntu Security Notice USN-1801-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1801-1 - YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1944
MD5 | c4d4d8f9452c1513702c9add4065e74c
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close