
exploitDog


CVE-2023-46218

Published: 07 Dec 2023
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 6.5

Description

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with domain=co.UK when the URL used a lower case hostname curl.co.uk, even though co.uk is listed as a PSL domain.
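The following is an added illustration, not code from this page or from curl itself: a simplified model of the cookie-domain check described above, with the case-sensitive lookup beside the normalised one. The three-entry PUBLIC_SUFFIXES set and the host names are constructed stand-ins, not the real Public Suffix List.

```python
# Constructed stand-in for the Public Suffix List (PSL); the real list has
# thousands of entries, but "co.uk" is enough to reproduce the case issue.
PUBLIC_SUFFIXES = {"co.uk", "uk", "com"}


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: the host is the domain itself or a subdomain of it.
    Host names are case-insensitive, so both sides are lower-cased first."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def is_public_suffix_buggy(domain: str) -> bool:
    """Models the flawed check: the domain is looked up exactly as the server
    sent it, so 'co.UK' is not found even though 'co.uk' is listed."""
    return domain in PUBLIC_SUFFIXES


def is_public_suffix_fixed(domain: str) -> bool:
    """Models the corrected check: normalise case before consulting the PSL."""
    return domain.lower() in PUBLIC_SUFFIXES


def accept_cookie_domain(host: str, cookie_domain: str, psl_check) -> bool:
    """Return True if a cookie carrying Domain=cookie_domain, set by a response
    from `host`, would be stored. `psl_check` is one of the two models above."""
    dom = cookie_domain.lstrip(".")
    if not domain_matches(host, dom):
        return False  # the setting host is not inside the requested domain
    if psl_check(dom):
        return False  # never scope a cookie to an entire public suffix
    return True


def demo() -> dict:
    """Same host and cookie domains run through both checks; only the buggy
    check combined with mixed case yields a stored 'super cookie'."""
    host = "curl.co.uk"
    return {
        "buggy, co.uk": accept_cookie_domain(host, "co.uk", is_public_suffix_buggy),
        "buggy, co.UK": accept_cookie_domain(host, "co.UK", is_public_suffix_buggy),
        "fixed, co.uk": accept_cookie_domain(host, "co.uk", is_public_suffix_fixed),
        "fixed, co.UK": accept_cookie_domain(host, "co.UK", is_public_suffix_fixed),
        # the stored super cookie would later domain-match an unrelated site
        "sent to example.co.uk": domain_matches("example.co.uk", "co.UK"),
    }


if __name__ == "__main__":
    for case, stored in demo().items():
        print(f"{case}: {stored}")
```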

Release                  Status        Note
bionic                   ignored       end of standard support
devel                    released      8.5.0-2ubuntu1
esm-infra-legacy/trusty  not-affected  code not present
esm-infra/bionic         released      7.58.0-2ubuntu3.24+esm3
esm-infra/focal          not-affected  7.68.0-1ubuntu2.21
esm-infra/xenial         released      7.47.0-1ubuntu2.19+esm11
focal                    released      7.68.0-1ubuntu2.21
jammy                    released      7.81.0-1ubuntu1.15
lunar                    released      7.88.1-8ubuntu2.4
mantic                   released      8.2.1-1ubuntu3.2


EPSS: 0.00337 (percentile 56%, Low)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 5.3
redhat
more than 1 year ago

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

CVSS3: 6.5
nvd
more than 1 year ago

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

CVSS3: 6.5
msrc
more than 1 year ago

No description available

CVSS3: 6.5
debian
more than 1 year ago

This flaw allows a malicious HTTP server to set "super cookies" in cur ...

CVSS3: 6.5
redos
about 1 year ago

curl vulnerability


Vulnerability CVE-2023-46218