CVE-2023-46218 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.
ATT&CK techniques detected
T1539Steal Web Session Cookie
31%
"cve - 2023 - 46218 this flaw allows a malicious http server to set " super cookies " in curl that are then passed back to more origins than what is otherwise allowed or possible. this allows a site to set cookies that then would get sent to different and unrelated sites and domai…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Information published.