Unknown
CVE-2015-3145
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Products
- curl 7.31.0
- curl 7.32.0
- curl 7.33.0
- curl 7.34.0
- curl 7.35.0
- curl 7.36.0
- curl 7.37.0
- curl 7.37.1
- curl 7.38.0
- curl 7.39.0
- curl 7.40.0
- curl 7.41.0
- debian linux 7.0
- fedora 21
- fedora 22
- libcurl 7.30.0
- libcurl 7.31.0
- libcurl 7.32.0
- libcurl 7.33.0
- libcurl 7.34.0
- libcurl 7.35.0
- libcurl 7.36.0
- libcurl 7.37.0
- libcurl 7.37.1
- libcurl 7.38.0
- libcurl 7.39
- libcurl 7.40.0
- libcurl 7.41.0
- mac os x 10.10.0
- mac os x 10.10.1
- mac os x 10.10.2
- mac os x 10.10.3
- mac os x 10.10.4
- opensuse 13.1
- opensuse 13.2
- solaris 11.3
- system management homepage
- ubuntu linux 12.04
- ubuntu linux 14.04
- ubuntu linux 14.10
- ubuntu linux 15.04
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
