CVE-2014-3613

Published: Nov 18, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

Affected (17)

Products: Haxx: Curl, Libcurl · Apple: Mac Os X

2 products

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	Up to 7.37.1
Haxx Curl	Version 7.31.0
Haxx Curl	Version 7.32.0
Haxx Curl	Version 7.33.0
Haxx Curl	Version 7.34.0
Haxx Curl	Version 7.35.0
Haxx Curl	Version 7.36.0
Haxx Curl	Version 7.37.0

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Haxx Libcurl	Up to 7.37.1
Haxx Libcurl	Version 7.31.0
Haxx Libcurl	Version 7.32.0
Haxx Libcurl	Version 7.33.0
Haxx Libcurl	Version 7.34.0
Haxx Libcurl	Version 7.35.0
Haxx Libcurl	Version 7.36.0
Haxx Libcurl	Version 7.37.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.10.4

Related CWEs

References (22)

http://curl.haxx.se/docs/adv_20140910A.html

Source: secalert@redhat.com

Patch

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1254.html

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3022

Source: secalert@redhat.com

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/69748

Source: secalert@redhat.com

https://support.apple.com/kb/HT205031

Source: secalert@redhat.com

http://curl.haxx.se/docs/adv_20140910A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1254.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3022

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69748

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT205031

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.