CVE-2016-8615

Опубликовано: 02 нояб. 2016

Источник: redhat

CVSS3: 5.3

CVSS2: 4.3

EPSS Низкий

Описание

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
.NET Core 1.0 on Red Hat Enterprise Linux	rh-dotnetcore10-curl	Out of support scope
.NET Core 1.1 on Red Hat Enterprise Linux	rh-dotnetcore11-curl	Out of support scope
.NET Core 2.0 on Red Hat Enterprise Linux	rh-dotnet20-curl	Out of support scope
.NET Core 2.1 on Red Hat Enterprise Linux	rh-dotnet21-curl	Will not fix
Red Hat Enterprise Linux 5	curl	Will not fix
Red Hat Enterprise Linux 6	curl	Will not fix
Red Hat Enterprise Linux 7	curl	Will not fix
Red Hat Enterprise Virtualization 3	mingw-virt-viewer	Will not fix
Red Hat JBoss Enterprise Web Server 3	curl	Fix deferred
Red Hat Software Collections for Red Hat Enterprise Linux 6	httpd24-curl	Fixed	RHSA-2018:3558	13.11.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-99

https://bugzilla.redhat.com/show_bug.cgi?id=1388370curl: Cookie injection for other servers

EPSS

Процентиль: 86%

0.03011

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-8615

CVSS3: 5.3

ubuntu

почти 7 лет назад

CVE-2016-8615

CVSS3: 5.3

nvd

почти 7 лет назад

CVE-2016-8615

CVSS3: 5.3

debian

почти 7 лет назад

A flaw was found in curl before version 7.51. If cookie state is writt ...

GHSA-hqqr-g92g-v6cf

CVSS3: 7.5

github

около 3 лет назад

openSUSE-SU-2016:2768-1

suse-cvrf

больше 8 лет назад

Security update for curl

EPSS

Процентиль: 86%

0.03011

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2