17 matches found
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)
Summary Vulnerabilities contained within libcurl a 3rd party component were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote...
Azure Linux 3.0 Security Update: curl (CVE-2024-0853)
The version of curl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...
GLSA-202409-20 : curl: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-20 curl: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from th...
CBL Mariner 2.0 Security Update: curl (CVE-2024-0853)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0853 advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapli...
CVE-2024-0853 affecting package curl for versions less than 8.8.0-1
CVE-2024-0853 affecting package curl for versions less than 8.8.0-1. An upgraded version of the package is available that resolves this issue...
Oracle MySQL Cluster 8.0.x < 8.0.37 (Apr 2024 / Jul 2024 CPU)
The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the April / July 2024 CPU advisory. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General LibExpat. Supported versions that are affected are 8.0....
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl CVE-2024-0853...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-581)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-581 advisory. A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname...
Low: curl
Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...
FreeBSD : curl -- OCSP verification bypass with TLS session reuse (02e33cd1-c655-11ee-8613-08002784c58d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 02e33cd1-c655-11ee-8613-08002784c58d advisory. - curl inadvertently kept the SSL session ID for connections in its cache even when the verify status...
CVE-2024-0853 vulnerabilities
Vulnerabilities for packages: curl...
CVE-2024-0853 vulnerabilities
Vulnerabilities for packages: curl...
CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853
CVE-2024-0853 affects curl by retaining SSL session IDs in the cache after an OCSP stapling verify status test fails, allowing a subsequent transfer to bypass verification if the session cache is still fresh. Connected documents confirm this is a curl vulnerability affecting multiple platforms an...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
Internet Bug Bounty: CVE-2024-0853: OCSP verification bypass with TLS session reuse
CVE-2024-0853 was a vulnerability in the cURL library where OCSP verification was bypassed when reusing a TLS session. The vulnerability was caused by cURL inadvertently keeping the SSL session ID in its cache even when the OCSP stapling verification failed. This allowed subsequent transfers to t...