Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2016-8615

Published: August 31, 2023Last modified: August 31, 2023

Description

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactHIGH
Availability impactNONE
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTScurlNot affected (8.2.1-r0)
StreamcurlNot affected (8.2.1-r0)

References

ON THIS PAGE