The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
Max CVSS
5.0
EPSS Score
0.76%
Published
2013-04-29
Updated
2016-09-09
1 vulnerabilities found