CVE-2014-3620 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2014-3620

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Published: Nov 18, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3620
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
haxx / curl	7.35.0	7.35.0.x
haxx / curl	7.32.0	7.32.0.x
haxx / curl	7.33.0	7.33.0.x
haxx / curl	7.36.0	7.36.0.x
haxx / curl	-	7.37.1.x
haxx / curl	7.31.0	7.31.0.x
haxx / curl	7.34.0	7.34.0.x
haxx / curl	7.37.0	7.37.0.x
haxx / libcurl	7.37.0	7.37.0.x
haxx / libcurl	7.33.0	7.33.0.x
haxx / libcurl	7.36.0	7.36.0.x
haxx / libcurl	7.34.0	7.34.0.x
haxx / libcurl	7.31.0	7.31.0.x
haxx / libcurl	7.35.0	7.35.0.x
haxx / libcurl	-	7.37.1.x
haxx / libcurl	7.32.0	7.32.0.x
apple / mac_os_x	-	10.10.4.x