CVE-2013-1944 (retired)

Priority
Description
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does
not properly match the path domain when sending cookies, which allows
remote attackers to steal cookies via a matching suffix in the domain of a
URL.
Assigned-to
sarnold
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.30.0)
Patches:
Upstream:http://curl.haxx.se/curl-tailmatch.patch
More Information

Updated: 2019-08-23 08:53:56 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)