CVE-2013-1944

Related Files

Gentoo Linux Security Advisory 201401-14

Posted Jan 20, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422

SHA-256 | db468e099ee0183090e4d1c7e60955a697fc5a4848c7ebb9fdb2c66ab4bb731a

Download | Favorite | View

Mandriva Linux Security Advisory 2013-151

Posted Apr 28, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targetted attacks since registering domains using a known domain's name as an ending is trivial.

tags | advisory

systems | linux, mandriva

advisories | CVE-2013-1944

SHA-256 | 5c69303402e466b01eae0fbd8cd93ede86dc773f79280ad90e909cf75515c6af

Download | Favorite | View

Red Hat Security Advisory 2013-0771-01

Posted Apr 24, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0771-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending the wrong cookie if only part of the domain name matched the domain associated with the cookie, disclosing the cookie to unrelated hosts.

tags | advisory, web, protocol

systems | linux, redhat

advisories | CVE-2013-1944

SHA-256 | 73f2f91020506640014d072e24e8ccf64fc4ce8d2c457f7c3cdaef0e81920dbc

Download | Favorite | View

Debian Security Advisory 2660-1

Posted Apr 20, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2660-1 - Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain 'ample.com' could accidentally also be sent by libcurl when communicating with 'example.com'.

tags | advisory

systems | linux, debian

advisories | CVE-2013-1944

SHA-256 | 81266edfab57d31d15948cb7c43346ab48dc2550fdda9403978115e7a973b7b0

Download | Favorite | View

Ubuntu Security Notice USN-1801-1

Posted Apr 16, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1801-1 - YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2013-1944

SHA-256 | ea0c4e42890a1098fca522fa72544604763aef3b197e27a9829c9659c96f3579

Download | Favorite | View