10 matches found

RedHat Linux
added 2023/06/05 12:30 p.m., 5 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...

CVSS 7.5, AI score 6.7, EPSS 0.1654
Exploits: 1, References: 5

RedHat Linux
added 2023/06/05 11:46 a.m., 6 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...

CVSS 7.5, AI score 6.7, EPSS 0.1654
Exploits: 1, References: 5

OSV
added 2022/12/21 12:0 a.m., 1 views

UBUNTU-CVE-2022-43551

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

CVSS 7.5, AI score 6.8, EPSS 0.1654
Exploits: 1, References: 4

RedHat Linux
added 2022/12/08 1:21 p.m., 13 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue occurs because curl's HSTS check can be bypassed to trick it to keep using HTTP. Using its HSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism...

CVSS 7.5, AI score 7.1, EPSS 0.01644
Exploits: 0, References: 5

RedHat Linux
added 2022/12/08 1:8 p.m., 10 views

curl: HSTS bypass via IDN

A vulnerability was found in curl. The issue occurs because curl's HSTS check can be bypassed to trick it to keep using HTTP. Using its HSTS support, it can instruct curl to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism...

CVSS 7.5, AI score 7.1, EPSS 0.01644
Exploits: 0, References: 5

OSV
added 2022/10/29 2:15 a.m., 3 views

DEBIAN-CVE-2022-42916

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...

CVSS 7.5, AI score 8.8, EPSS 0.01644
Exploits: 0, References: 1

OSV
added 2022/10/29 2:15 a.m., 1 views

ALPINE-CVE-2022-42916

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...

CVSS 7.5, AI score 6.8, EPSS 0.01644
Exploits: 0, References: 1

Vulnrichment
added 2022/10/29 12:0 a.m., 1 views

CVE-2022-42916

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...

AI score 5.5, EPSS 0.01644
Exploits: 0, References: 11

curl security advisories
added 2022/10/26 8:0 a.m., 36 views

HSTS bypass via IDN

curl's HSTS check could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the hostname in the given URL uses...

CVSS 7.5, AI score 7.1, EPSS 0.01644
Exploits: 0, References: 1, Affected Software: 2

Hacker One
added 2020/11/12 1:23 p.m., 28 views

X (Formerly Twitter): Chained open redirects and use of Ideographic Full Stop defeat Twitter's approach to blocking links

Summary: A chain of two open redirects on analytics.twitter.com and twitter.com, coupled with the use of an Ideographic Full Stop allows an attacker to defeat Twitter's approach to blocking links. Description: Twitter maintains a deny list of domain names and prevents users from tweeting direct o...

AI score 6.8
Exploits: 0