Lucene search

K
f5F5F5:K15402727
HistoryFeb 19, 2021 - 12:00 a.m.

K15402727 : cURL vulnerability CVE-2020-8286

2021-02-1900:00:00
my.f5.com
26

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

74.0%

Security Advisory Description

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286)

Impact

An attacker could provide a forged OCSP response to the F5 product that has made the request with curl, and this fake response could make it appear that a TLS certificate is valid when it may have actually been revoked.