Scan for free your assets for this vulnerability
Download Mageni to scan your assets for this plus 99,432 more vulnerabilities. It is free to get started and can be installed in Windows, macOS and Linux.
Amazon Linux Local Check: ALAS-2014-407
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Amazon Linux Local Security Checks
Insight
Insight
libcurl wrongly allows cookies to be set for TLDs, thus making them much broader then they are supposed to be allowed to. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others.
Solution
Solution
Run yum update curl to update your system.
Common Vulnerabilities and Exposures (CVE)
Know your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.
Get Started for Free