CVE-2016-8615
Description
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.733
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Curl For Windows 7.50.3 | Windows |
| Multiple vulnerabilities are fixed in Curl For Windows 7.51.0 | Windows |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.47.0-1ubuntu2.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.47.0-1ubuntu2.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.22.0-3ubuntu4.17_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.22.0-3ubuntu4.17_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.35.0-1ubuntu2.10_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3_7.35.0-1ubuntu2.10_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.47.0-1ubuntu2.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.47.0-1ubuntu2.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.22.0-3ubuntu4.17_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.22.0-3ubuntu4.17_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.35.0-1ubuntu2.10_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-nss_7.35.0-1ubuntu2.10_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.47.0-1ubuntu2.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.47.0-1ubuntu2.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.22.0-3ubuntu4.17_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.22.0-3ubuntu4.17_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.35.0-1ubuntu2.10_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-3123-1) libcurl3-gnutls_7.35.0-1ubuntu2.10_amd64.deb | Linux |
| curl security update(DSA-3705-1) curl_7.38.0-4+deb8u5_i386.deb | Linux |
| curl security update(DSA-3705-1) curl_7.38.0-4+deb8u5_kfreebsd-i386.deb | Linux |
| curl security update(DSA-3705-1) curl_7.38.0-4+deb8u5_kfreebsd-amd64.deb | Linux |
| Curl update (ELSA-2020-5002) curl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.x86_64.rpm | Linux |
| Libcurl update (ELSA-2020-5002) libcurl-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2020-5002) libcurl-devel-7.29.0-59.0.1.el7_9.1.i686.rpm | Linux |
| Curl update (ELSA-2023-7743) curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux |
| Libcurl update (ELSA-2023-7743) libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm | Linux |
| Libcurl-devel update (ELSA-2023-7743) libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm | Linux |
| CVE-2016-8615 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234