CVE-2014-3620

Published: 18/11/2014 Updated: 11/05/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

cURL and libcurl prior to 7.38.0 allow remote malicious users to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Vulnerable Product

haxx curl 7.35.0

haxx curl 7.32.0

haxx curl 7.33.0

haxx curl 7.36.0

haxx curl

haxx curl 7.31.0

haxx curl 7.34.0

haxx curl 7.37.0

haxx libcurl 7.37.0

haxx libcurl 7.33.0

haxx libcurl 7.36.0

haxx libcurl 7.34.0

haxx libcurl 7.31.0

haxx libcurl 7.35.0

haxx libcurl

haxx libcurl 7.32.0

apple mac os x

Vendor Advisories

Several security issues were fixed in curl ...
Two vulnerabilities have been discovered in cURL, a URL transfer library. They can be used to leak cookie information: CVE-2014-3613: By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing ...
libcurl wrongly allows cookies to be set for TLDs, thus making them much broader than they are supposed to be allowed to. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP ...
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain ...