Executive Summary

Information
Name: CVE-2014-3620
First vendor Publication: 2014-11-18
Vendor: Cve
Last vendor Modification: 2016-12-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3620

CWE : Common Weakness Enumeration

%  id  Name
100 %  CWE-310  Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26869
 
Oval ID: oval:org.mitre.oval:def:26869
Title: DSA-3022-1 curl - security update
Description: Two vulnerabilities have been discovered in cURL, a URL transfer library. They can be used to leak cookie information.
Family: unix Class: patch
Reference(s): DSA-3022-1
CVE-2014-3613
CVE-2014-3620
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): curl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26774
 
Oval ID: oval:org.mitre.oval:def:26774
Title: USN-2346-1 -- curl vulnerabilities
Description: Several security issues were fixed in curl.
Family: unix Class: patch
Reference(s): USN-2346-1
CVE-2014-3613
CVE-2014-3620
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): curl
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application, Count: 2
Type: Application, Count: 113
Type: Application, Count: 112
Type: Os, Count: 102

Information Assurance Vulnerability Management (IAVM)

Date  Description
2015-08-20  IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337

Nessus® Vulnerability Scanner

Date  Description
2015-08-17  Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-04-30  Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-213.nasl - Type : ACT_GATHER_INFO
2015-03-30  Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-098.nasl - Type : ACT_GATHER_INFO
2015-01-02  Name : The remote Fedora host is missing a security update.
File : fedora_2014-17596.nasl - Type : ACT_GATHER_INFO
2015-01-02  Name : The remote Fedora host is missing a security update.
File : fedora_2014-17601.nasl - Type : ACT_GATHER_INFO
2014-10-12  Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-407.nasl - Type : ACT_GATHER_INFO
2014-10-09  Name : The remote Fedora host is missing a security update.
File : fedora_2014-10714.nasl - Type : ACT_GATHER_INFO
2014-09-26  Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-187.nasl - Type : ACT_GATHER_INFO
2014-09-23  Name : The remote Fedora host is missing a security update.
File : fedora_2014-10679.nasl - Type : ACT_GATHER_INFO
2014-09-18  Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-547.nasl - Type : ACT_GATHER_INFO
2014-09-16  Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2346-1.nasl - Type : ACT_GATHER_INFO
2014-09-15  Name : The remote Fedora host is missing a security update.
File : fedora_2014-10741.nasl - Type : ACT_GATHER_INFO
2014-09-11  Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3022.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source  Url
APPLE http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BID http://www.securityfocus.com/bid/69742
CONFIRM http://curl.haxx.se/docs/adv_20140910B.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
https://support.apple.com/kb/HT205031
DEBIAN http://www.debian.org/security/2014/dsa-3022
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html

Alert History

Date  Information
2019-09-25 01:06:19
  • Multiple Updates
2018-05-25 12:05:35
  • Multiple Updates
2016-12-03 09:23:57
  • Multiple Updates
2016-11-29 00:24:55
  • Multiple Updates
2016-09-01 01:02:19
  • Multiple Updates
2016-06-28 22:51:45
  • Multiple Updates
2016-03-31 05:24:22
  • Multiple Updates
2015-10-18 17:22:38
  • Multiple Updates
2015-08-18 13:34:51
  • Multiple Updates
2015-08-18 09:19:34
  • Multiple Updates
2015-03-31 13:28:35
  • Multiple Updates
2015-01-03 13:25:55
  • Multiple Updates
2014-11-18 21:24:48
  • First insertion