5 matches found
Oracle Linux 9 : curl (ELSA-2024-1129)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1129 advisory. 7.76.1-26.el93.3 - cap SFTP packet size sent RHEL-14697 - lowercase the domain names before PSL checks CVE-2023-46218 Tenable has extracted the preceding...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-1192)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is otherwise allowed o...
RHEL 8 : curl (RHSA-2024:0585)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0585 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
Fedora 39 : curl (2023-9de8973300)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9de8973300 advisory. - fix HSTS long file name clears contents CVE-2023-46219 - fix cookie mixed case PSL bypass CVE-2023-46218 Tenable has extracted the preceding...
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...