Download
| Alert*
oval:org.secpod.oval:def:601007
Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain "ample.com ... oval:org.secpod.oval:def:202808 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:701255 curl: HTTP, HTTPS, and FTP client and client libraries Applications using libcurl could be made to expose sensitive information over the network. oval:org.secpod.oval:def:1500162 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:501049 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:202810 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:1600309 The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. oval:org.secpod.oval:def:1500155 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1502522 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502523 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51917 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl. |