13 matches found
curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust
Summary When curl is built with --with-apple-sectrust or -DUSEAPPLESECTRUST=ON and OpenSSL, the --cert-status / CURLOPTSSLVERIFYSTATUS option is silently bypassed when Apple SecTrust handles certificate chain verification instead of OpenSSL. The user explicitly requests OCSP stapling enforcement,...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
Design/Logic Flaw
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853
CVE-2024-0853 affects curl by retaining SSL session IDs in the cache after an OCSP stapling verify status test fails, allowing a subsequent transfer to bypass verification if the session cache is still fresh. Connected documents confirm this is a curl vulnerability affecting multiple platforms an...
CVE-2024-0853
A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the verify status chec...
CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
UBUNTU-CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2023-24423 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.35.0)
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =428.v5c962d271ba5 Source cves: CVE-2023-24423 Source advisory: OSV:GHSA-95JQ-24CR-PGRQ...
org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2019-16551 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.22.0)
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =2.4.6 Source cves: CVE-2019-16551 Source advisory: OSV:GHSA-VMVP-2HHX-RGM8...