CVE-2013-1944

NONECVSS 0.0

0.0

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

🔗 References (46)

secalert@redhathttp://curl.haxx.se/docs/adv_20130412.html
secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-06/msg00013.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-06/msg00016.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-0771.html
secalert@redhathttp://secunia.com/advisories/53044
secalert@redhathttp://secunia.com/advisories/53051
secalert@redhathttp://secunia.com/advisories/53097
secalert@redhathttp://www.debian.org/security/2012/dsa-2660

Is Your Infrastructure Affected by CVE-2013-1944?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-1944

📅 Published

🔄 Last Modified

🔗 References (46)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-1944?