CVE-2016-8615 in Ubuntu

CVE-2016-8615

Priority

Description

A flaw was found in curl before version 7.51. If cookie state is written
into a cookie jar file that is later read back and used for subsequent
requests, a malicious HTTP server can inject new cookies for arbitrary
domains into said cookie jar.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
https://curl.haxx.se/docs/adv_20161102A.html
https://ubuntu.com/security/notices/USN-3123-1

Assigned-to

mdeslaur

Notes

Package

Source: curl (LP Ubuntu Debian)

Upstream:	released (7.51.0)
Ubuntu 16.04 ESM:	released (7.47.0-1ubuntu2.2)
Ubuntu 14.04 ESM:	released (7.35.0-1ubuntu2.10)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 12:40:37 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)