15 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-23914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested...
Linux Distros Unpatched Vulnerability : CVE-2023-23915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple...
CBL Mariner 2.0 Security Update: mysql / rust / cmake / curl / tensorflow (CVE-2023-23914)
The version of mysql / rust / cmake / curl / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-23914 advisory. - A cleartext transmission of sensitive information vulnerability exists in...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-114)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-114 advisory. A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This...
Amazon Linux 2 : curl (ALAS-2023-1986)
The version of curl installed on the remote host is prior to 7.88.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1986 advisory. A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the sam...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5891-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5891-1 advisory. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker...
Design/Logic Flaw
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
Design/Logic Flaw
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2023:0429-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0429-1 advisory. - A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that...
Internet Bug Bounty: CVE-2023-23914: HSTS ignored on multiple requests
Multiple requests made using curl's HSTS functionality ignored the HTTPS protocol and used an insecure clear-text HTTP step instead. This was due to the state not being properly carried on, allowing the bypass of intended security controls. The vulnerability was assigned CVE-2023-23914 and had a...