Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A critical vulnerability (CVSS 9.1) in Microsoft’s Azure Linux 3.0 packaging of curl allows cookies to be scoped more broadly than intended through trailing dot domain handling, according to MSRC and the upstream curl project advisory. Organizations running Azure Linux 3.0 workloads that use curl for authenticated HTTP communications are affected. If exploited, the flaw could allow an attacker to intercept or inject session cookies across domain boundaries, potentially compromising authenticated sessions in cloud-hosted applications.

Author

Tech Jacks Solutions