Cookie Injection Flaw in Curl by Daniel Stenberg
CVE-2016-8615

5.3MEDIUM

Key Information:

Vendor

The Curl Project

Status
Curl
Vendor
CVE Published:
1 August 2018

What is CVE-2016-8615?

A vulnerability exists in the curl application, where cookie state can be improperly managed. Specifically, when cookies are written into a cookie jar and later retrieved for use, a malicious HTTP server could exploit this flaw to inject arbitrary cookies for unauthorized domains into the cookie jar. This could lead to a variety of security issues, including session hijacking and unauthorized data access, making it crucial for users to ensure they are using a patched version of curl.

Affected Version(s)

curl 7.51.0

References

https://access.redhat.com/errata/RHSA-2018:3558
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/94096
vdb-entryx_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.