cURL and libcurl prior to 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote malicious users to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx curl 7.33.0 |
||
haxx curl 7.34.0 |
||
haxx curl 7.37.0 |
||
haxx curl |
||
haxx curl 7.31.0 |
||
haxx curl 7.32.0 |
||
haxx curl 7.35.0 |
||
haxx curl 7.36.0 |
||
haxx libcurl 7.37.0 |
||
haxx libcurl 7.36.0 |
||
haxx libcurl 7.33.0 |
||
haxx libcurl 7.32.0 |
||
haxx libcurl |
||
haxx libcurl 7.31.0 |
||
haxx libcurl 7.35.0 |
||
haxx libcurl 7.34.0 |
||
apple mac os x |