CVE-2013-1944

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.ubuntu.com/usn/USN-1801-1
http://www.osvdb.org/92316
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0121
http://secunia.com/advisories/53097 Vendor Advisory
https://github.com/bagder/curl/commit/2eb8dcf26cb37f09cffe26909a646e702dbcab66
http://www.mandriva.com/security/advisories?name=MDVSA-2013:151
http://secunia.com/advisories/53044 Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0771.html
http://secunia.com/advisories/53051 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=950577
http://www.securityfocus.com/bid/59058
http://curl.haxx.se/docs/adv_20130412.html Vendor Advisory
http://www.debian.org/security/2012/dsa-2660
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00013.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00016.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106606.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.7.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.6:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.7.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.8:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.1:beta:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.8.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:6.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.9.8:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.6:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
Information

Published : 2013-04-29 15:55

Updated : 2016-09-08 18:59

NVD link : CVE-2013-1944

Mitre link : CVE-2013-1944

JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa
Products Affected

canonical

  • ubuntu_linux

haxx

  • curl
  • libcurl