Debian Security Advisory DSA 2660-1 (curl - exposure of sensitive information)

Published: 2013-04-19 22:00:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

Affected Versions:
curl on Debian Linux

For the stable distribution (squeeze), this problem has been fixed in version 7.21.0-2.1+squeeze3. For the testing distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy2. For the unstable distribution (sid), this problem has been fixed in version 7.29.0-2.1. We recommend that you upgrade your curl packages.

Yamada Yasuharu discovered that cURL, a URL transfer library, can expose potentially sensitive information when making requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that cookies set for a domain could accidentally also be sent by libcurl when communicating with . Both the curl command line tool and applications using the libcurl library are vulnerable.
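
The class of bug described above, as an added example that is not curl's own code: a suffix comparison that ignores label boundaries, beside a boundary-aware version. The function names and the `.test` host names are constructed for illustration, and the cookie domain is assumed to be stored without a leading dot.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive equality; host names are not case-sensitive. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Naive tail match (hypothetical): true whenever host merely ends with the
   cookie domain, with no check of where the matching tail begins. */
static int tailmatch_naive(const char *domain, const char *host)
{
    size_t dlen = strlen(domain), hlen = strlen(host);
    if (dlen == 0 || hlen < dlen)
        return 0;
    return eq_nocase(domain, host + (hlen - dlen));
}

/* Boundary-aware match (hypothetical): the tail must be the whole host name
   or begin right after a '.', so only the domain and its subdomains match.
   Assumes the cookie domain is stored without a leading dot. */
static int tailmatch_strict(const char *domain, const char *host)
{
    size_t dlen = strlen(domain), hlen = strlen(host);
    if (!tailmatch_naive(domain, host))
        return 0;
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed sample names under the reserved .test TLD. */
    const char *domain = "shop.test";
    const char *hosts[] = { "shop.test", "www.shop.test", "myshop.test" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-14s naive=%d strict=%d\n", hosts[i],
               tailmatch_naive(domain, hosts[i]),
               tailmatch_strict(domain, hosts[i]));
    return 0;
}
```

Only the third host differs between the two functions: it shares a tail with the cookie domain but is an unrelated registration, so a cookie store using the naive match would attach the cookie to requests for it.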

Detection Method:
This check tests the installed software version using the apt package manager.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

