Lucene search

K
redhatRedHatRHSA-2022:1354
HistoryApr 13, 2022 - 1:42 p.m.

(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update

2022-04-1313:42:42
access.redhat.com
29
.net core managed-software framework clr implementation curl security update authentication credentials leak bad connection reuse tls enforcement issue starttls not properly enforced cvss score unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.009

Percentile

83.0%

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

  • curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)

  • curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)

  • curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.009

Percentile

83.0%