30 matches found

RedHat Linux
added 2018/08/16 4:6 p.m., 12 views

curl: IDNA 2003 makes curl use wrong host

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS, 7.3 AI score, 0.04321 EPSS
Exploits 0, References 5
Veracode
added 2018/08/02 9:4 a.m., 25 views

Unauthorized Requests

libcurl.so is vulnerable to unauthorized requests. The library uses outdated IDNA standards when handling domain names, allowing a user to transfer network requests to the wrong host...

7.5 CVSS, 8.3 AI score, 0.04321 EPSS
Exploits 0, References 13, Affected Software 5
OSV
added 2018/08/01 6:29 a.m., 4 views

UBUNTU-CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS, 7.1 AI score, 0.04321 EPSS
Exploits 0, References 3
OSV
added 2018/08/01 6:29 a.m., 1 views

DEBIAN-CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

7.5 CVSS, 6.9 AI score, 0.04321 EPSS
Exploits 0, References 1
OSV
added 2018/07/31 9:29 p.m., 4 views

ALPINE-CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC t...

7.5 CVSS, 6.9 AI score, 0.05915 EPSS
Exploits 0, References 1
OSV
added 2018/02/27 8:29 p.m., 21 views

CVE-2017-5660

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used...

8.6 CVSS, 8.7 AI score
Exploits 0, References 2
Hacker One
added 2018/01/17 5:42 p.m., 23 views

Internet Bug Bounty: Urllib connects to a wrong host

Description: The inconsistent of URL parsing and URL fetching are distinct. Original bug report: https://bugs.python.org/issue30500, http://python-security.readthedocs.io/vuln/bpo-30500urllibconnectstoawronghost.html. Note: None. Thanks: Impact: SSRF...

6.9 AI score
Exploits 0
NVD
added 2017/08/31 4:29 p.m., 35 views

CVE-2017-14063

Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL...

7.5 CVSS, 6.5 AI score, 0.03046 EPSS
Exploits 0, References 28
curl security advisories
added 2016/11/02 8:0 a.m., 5 views

invalid URL parsing with '#'

curl does not parse the authority component of the URL correctly when the host name part ends with a hash character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed...

7.5 CVSS, 7.3 AI score, 0.05915 EPSS
Exploits 0, Affected Software 2
curl security advisories
added 2016/11/02 8:0 a.m., 8 views

IDNA 2003 makes curl use wrong host

When curl is built with libidn to handle International Domain Names (IDNA), it translates them to puny code for DNS resolving using the IDNA 2003 standard, while IDNA 2008 is the modern and up-to-date IDNA standard. This misalignment causes problems with for example domains using the German ß...

7.5 CVSS, 7.2 AI score, 0.04321 EPSS
Exploits 0, Affected Software 2