Wind River Support Network

HomeDefectsLIN5-15572
Fixed

LIN5-15572 : Security Advisory - curl - CVE-2013-1944

Created: May 2, 2013    Updated: Dec 19, 2017
Resolved Date: Jul 25, 2013
Previous ID: LIN3-8957
Found In Version: 5.0
Fix Version: 5.0.1.6
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1944

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online