A malicious or compromised remote server could send an authorised request to the client computer with the same credentials as were used for the initial authentication, potentially leading to a situation where the client computer accepts another request with the same credentials as the initial request. This results in an XSS or CSRF attack from the server to the client (depending on the type of request). An attacker could use this vulnerability to steal the client's session cookie, or to impersonate the client to the server. This could be used to exploit other vulnerabilities on the client. An attacker could use this vulnerability to trick the client into re-authenticating with a malicious server.
Affected cURL releases: cURL 7.82.0 = 7.82.0 versions are vulnerable

CVE-2018-1585: An information disclosure vulnerability exists in curl 7.62.0 to and including 7.62.1 which might allow remote attackers to determine information about the layout of the program stack. This could be used to determine code objects and other metrics about the application.

CVE-2018-1587: A denial of service vulnerability exists in curl 7.56.0 to and including 7.62.1 in the DNS code which might allow remote attackers to cause the application to crash by sending an overly long DNS request (RFC1ab) to the server. This can be used to exploit other vulnerabilities on

Timeline

Published on: 05/26/2022 17:15:00 UTC
Last modified on: 08/02/2022 03:15:00 UTC

References