National Vulnerability Database

Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:haxx:curl:7.2
There are 26 matching records.
Displaying matches 21 through 26.
Vuln ID Summary CVSS Severity

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

Published: January 29, 2016; 03:59:05 PM -05:00
V3.0: 7.3 HIGH
    V2: 5.0 MEDIUM

cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.

Published: January 29, 2016; 03:59:04 PM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Published: May 01, 2015; 11:59:05 AM -04:00
    V2: 5.0 MEDIUM

cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.

Published: November 18, 2014; 10:59:01 AM -05:00
    V2: 5.0 MEDIUM

cURL and libcurl before 7.38.0 do not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at setting cookies for a site at

Published: November 18, 2014; 10:59:00 AM -05:00
    V2: 5.0 MEDIUM

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Published: April 29, 2013; 06:55:08 PM -04:00
    V2: 5.0 MEDIUM