Versio.io

CVE-2014-3620

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 18-11-2014 04:59
Last modified: - 11-05-2022 11:15
Total changes: - 2

Description

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:P/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
None
Confidentiality
Low
Integrity
-
Privileges required
-
Scope
-
User interaction
5.0
Base score
10.0
2.9
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=haxx AND product=curl AND version=7.35.0
vendor=haxx AND product=curl AND version=7.32.0
vendor=haxx AND product=curl AND version=7.33.0
vendor=haxx AND product=curl AND version=7.36.0
vendor=haxx AND product=curl AND versionEndIncluding=7.37.1
vendor=haxx AND product=curl AND version=7.31.0
vendor=haxx AND product=curl AND version=7.34.0
vendor=haxx AND product=curl AND version=7.37.0
OR
vendor=haxx AND product=libcurl AND version=7.37.0
vendor=haxx AND product=libcurl AND version=7.33.0
vendor=haxx AND product=libcurl AND version=7.36.0
vendor=haxx AND product=libcurl AND version=7.34.0
vendor=haxx AND product=libcurl AND version=7.31.0
vendor=haxx AND product=libcurl AND version=7.35.0
vendor=haxx AND product=libcurl AND versionEndIncluding=7.37.1
vendor=haxx AND product=libcurl AND version=7.32.0
OR
vendor=apple AND product=mac_os_x AND versionEndIncluding=10.10.4
 

Reference

 


Keywords

NVD

 

CVE-2014-3620

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.