cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-18T15:00:00

Updated: 2024-08-06T10:50:17.964Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3613

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-18T15:59:00.140

Modified: 2024-11-21T02:08:30.313

Link: CVE-2014-3613

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-09-10T00:00:00Z

Links: CVE-2014-3613 - Bugzilla