CVE-2016-8615
published 2018-08-01CVE-2016-8615: A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a…
PriorityP342high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EPSS
4.18%
89.0th percentile
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.2_security_update_2016-003_el_capitan_and_security_update_201 | — | — |
| debian | curl | < curl 7.51.0-1 (bookworm) | curl 7.51.0-1 (bookworm) |
| haxx | curl | < 7.51.0 | 7.51.0 |
| haxx | curl | >= 0 < 7.51.0-1 | 7.51.0-1 |
| haxx | curl | >= 0 < 7.51.0-1 | 7.51.0-1 |
| haxx | curl | >= 0 < 7.51.0-1 | 7.51.0-1 |
| haxx | curl | >= 0 < 7.51.0-1 | 7.51.0-1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.10 | 7.35.0-1ubuntu2.10 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.2 | 7.47.0-1ubuntu2.2 |
| the_curl_project | curl | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv7.5HIGH
vendor_ubuntu7.5HIGH
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hqqr-g92g-v6cf: A flaw was found in curl before version 7
ghsa_unreviewed·2022-05-13
CVE-2016-8615 [HIGH] CWE-99 GHSA-hqqr-g92g-v6cf: A flaw was found in curl before version 7
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
OSV
CVE-2016-8615: A flaw was found in curl before version 7
osv·2018-08-01·CVSS 7.5
CVE-2016-8615 [HIGH] CVE-2016-8615: A flaw was found in curl before version 7
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
OSV
curl vulnerabilities
osv·2016-11-03·CVSS 7.5
CVE-2016-7141 [HIGH] curl vulnerabilities
curl vulnerabilities
It was discovered that curl incorrectly reused client certificates when
built with NSS. A remote attacker could possibly use this issue to hijack
the authentication of a TLS connection. (CVE-2016-7141)
Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain
strings. A remote attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7167)
It was discovered that curl incorrectly handled storing cookies. A remote
attacker could possibly use this issue to inject cookies for arbitrary
domains in the cookie jar. (CVE-2016-8615)
It was discovered that curl incorrect handled case when comparing user
names and passwords. A remote attacker with knowledge of a case-insensiti
Apple
CVE-2016-8615: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
vendor_apple·2016-12-13·CVSS 5.3
CVE-2016-8615 [MEDIUM] CVE-2016-8615: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
Product: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
CVE: CVE-2016-8615
Component: CVE-2016-8615
Ubuntu
curl vulnerabilities
vendor_ubuntu·2016-11-03·CVSS 7.5
CVE-2016-7141 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
It was discovered that curl incorrectly reused client certificates when
built with NSS. A remote attacker could possibly use this issue to hijack
the authentication of a TLS connection. (CVE-2016-7141)
Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain
strings. A remote attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7167)
It was discovered that curl incorrectly handled storing cookies. A remote
attacker could possibly use this issue to inject cookies for arbitrary
domains in the cookie jar. (CVE-2016-8615)
It was discovered that curl incorrect handled case when comparing user
names and pa
Red Hat
curl: Cookie injection for other servers
vendor_redhat·2016-11-02·CVSS 5.3
CVE-2016-8615 [MEDIUM] CWE-99 curl: Cookie injection for other servers
curl: Cookie injection for other servers
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Out of support scope
Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Out of support scope
Package: rh-dotnet20-curl (.NET Core 2.0 on Red Hat Enterprise Linux) - Out of support scope
Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Will not fix
Package: curl (Red Hat Enterprise Linux 5) - Will not fix
Package: curl (Red Hat Enterprise Linux 6) - Will not fix
Package: curl (Red
Debian
CVE-2016-8615: curl - A flaw was found in curl before version 7.51. If cookie state is written into a ...
vendor_debian·2016·CVSS 5.3
CVE-2016-8615 [MEDIUM] CVE-2016-8615: curl - A flaw was found in curl before version 7.51. If cookie state is written into a ...
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Scope: local
bookworm: resolved (fixed in 7.51.0-1)
bullseye: resolved (fixed in 7.51.0-1)
forky: resolved (fixed in 7.51.0-1)
sid: resolved (fixed in 7.51.0-1)
trixie: resolved (fixed in 7.51.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7]
bugzilla·2016-11-02·CVSS 5.3
CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7]
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being
Bugzilla
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all]
bugzilla·2016-11-02·CVSS 5.3
CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all]
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being
Bugzilla
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all]
bugzilla·2016-11-02·CVSS 5.3
CVE-2016-8615 [MEDIUM] CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all]
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 curl: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM cha
Bugzilla
CVE-2016-8615 curl: Cookie injection for other servers
bugzilla·2016-10-25·CVSS 5.3
CVE-2016-8615 [MEDIUM] CVE-2016-8615 curl: Cookie injection for other servers
CVE-2016-8615 curl: Cookie injection for other servers
If cookie state is written into a cookie jar file that is later read back and
used for subsequent requests, a malicious HTTP server can inject new cookies
for arbitrary domains into said cookie jar.
The issue pertains to the function that loads cookies into memory, which reads
the specified file into a fixed-size buffer in a line-by-line manner using the
`fgets()` function. If an invocation of fgets() cannot read the whole line
into the destination buffer due to it being too small, it truncates the
output. This way, a very long cookie (name + value) sent by a malicious server
would be stored in the file and subsequently that cookie could be read
partially and crafted correctly, it could be treated as a different cookie for
another se
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/94096http://www.securitytracker.com/id/1037192https://access.redhat.com/errata/RHSA-2018:2486https://access.redhat.com/errata/RHSA-2018:3558https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615https://curl.haxx.se/CVE-2016-8615.patchhttps://curl.haxx.se/docs/adv_20161102A.htmlhttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://security.gentoo.org/glsa/201701-47https://www.tenable.com/security/tns-2016-21http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/94096http://www.securitytracker.com/id/1037192https://access.redhat.com/errata/RHSA-2018:2486https://access.redhat.com/errata/RHSA-2018:3558https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615https://curl.haxx.se/CVE-2016-8615.patchhttps://curl.haxx.se/docs/adv_20161102A.htmlhttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://security.gentoo.org/glsa/201701-47https://www.tenable.com/security/tns-2016-21
2018-08-01
Published