CVE-2014-3613

Priority
Description
cURL and libcurl before 7.38.0 does not properly handle IP addresses in
cookie domain names, which allows remote attackers to set cookies for or
send arbitrary cookies to certain sites, as demonstrated by a site at
192.168.0.1 setting cookies for a site at 127.168.0.1.
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.38.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (7.35.0-1ubuntu2.1)
Patches:
Vendor:https://www.debian.org/security/2014/dsa-3022
More Information

Updated: 2019-03-19 12:14:51 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)