Unknown
CVE-2015-3145
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- curl 7.31.0,
- curl 7.32.0,
- curl 7.33.0,
- curl 7.34.0,
- curl 7.35.0,
- curl 7.36.0,
- curl 7.37.0,
- curl 7.37.1,
- curl 7.38.0,
- curl 7.39.0,
- curl 7.40.0,
- curl 7.41.0,
- debian linux 7.0,
- fedora 21,
- fedora 22,
- libcurl 7.30.0,
- libcurl 7.31.0,
- libcurl 7.32.0,
- libcurl 7.33.0,
- libcurl 7.34.0,
- libcurl 7.35.0,
- libcurl 7.36.0,
- libcurl 7.37.0,
- libcurl 7.37.1,
- libcurl 7.38.0,
- libcurl 7.39,
- libcurl 7.40.0,
- libcurl 7.41.0,
- mac os x 10.10.0,
- mac os x 10.10.1,
- mac os x 10.10.2,
- mac os x 10.10.3,
- mac os x 10.10.4,
- opensuse 13.1,
- opensuse 13.2,
- solaris 11.3,
- system management homepage,
- ubuntu linux 12.04,
- ubuntu linux 14.04,
- ubuntu linux 14.10,
- ubuntu linux 15.04
References
Advisory
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
