4 matches found
curl: CVE-2026-3784: wrong proxy connection reuse with credentials
Summary libcurl may reuse an existing HTTP proxy CONNECT tunnel without matching proxy credentials when selecting a reusable connection. In lib/url.c, urlmatchproxyuse calls proxyinfomatches lib/url.c:930-935 → lib/url.c:589-595, and that matcher compares proxy type, host, and port but does not...
CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
Vulnerability fixed in Red Hat Fuse
Red Hat has fixed a vulnerability in Fuse 7. The vulnerability is located in the Hazelcast integrated in Fuse Connection Cache and allows an unauthenticated malicious agent to able to manipulate data in the cluster without prior authentication or authorization. Red Hat has released updates to fix...
Sybase EAServer information leak
Security credentials are stored insecurely in connection cache...