cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
BID:69742
Info
cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
| Bugtraq ID: | 69742 |
| Class: | Design Error |
| CVE: |
CVE-2014-3620 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2014 12:00AM |
| Updated: | Jul 06 2016 02:27PM |
| Credit: | Tim Ruehsen |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 |
| Not Vulnerable: | |
Discussion
cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
cURL/libcURL is prone to a remote security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
cURL/libcURL 7.31.0 through 7.37.1 are vulnerable.
cURL/libcURL is prone to a remote security-bypass vulnerability.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
cURL/libcURL 7.31.0 through 7.37.1 are vulnerable.
Exploit / POC
cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
cURL/libcURL CVE-2014-3620 Cookies Handling Remote Security Bypass Vulnerability
References:
References:
- Bug 1138846 - (CVE-2014-3620) CVE-2014-3620 curl: cookies accepted for TLDs (Red Hat Bugzilla)
- cURL Home Page (cURL)
- Curl_cookie_add: handle IPv6 hosts (Daniel Stenberg)
- 2016-04 Security Bulletin: Junos: Multiple vulnerabilities in cURL and libcurl (Juniper)
- APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 (Apple)
- DSA-3022-1 curl -- security update (Debian)
- libcurl cookie leak for TLDs (haxx)
- Multiple vulnerabilities in cURL libcURL affect IBM Tivoli Netcool System Servic (IBM)
- PowerKVM: 2 issues for curl (CVE-2014-3620, CVE-2014-3613) (IBM)
- Security Bulletin: IBM BladeCenter Advanced Management Module is affected by cUR (IBM)
- Security Bulletin: Security vulnerabilities in Rational DOORS (CVE-2014-3613, CV (IBM)