Phishing Attacks

2020-12-1109:23:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

curl is vulnerable to phishing attacks. malicious server can redirect FTP to malicious host via PASV reponse.

CPENameOperatorVersion
curl:xenialeq7.47.0-1ubuntu2
curl:xenialeq7.47.0-1ubuntu2.16
curl:bioniceq7.58.0-2ubuntu3.10
curl:bioniceq7.58.0-2ubuntu3
curl:groovyeq7.68.0-1ubuntu4
curl:focaleq7.68.0-1ubuntu2.2
curl:focaleq7.68.0-1ubuntu2
curl:stretcheq7.52.1-5+deb9u10
curl:sideq7.72.0-1
curl:bullseyeeq7.72.0-1

Name	Operator	Version
curl:xenial	eq	7.47.0-1ubuntu2
curl:xenial	eq	7.47.0-1ubuntu2.16
curl:bionic	eq	7.58.0-2ubuntu3.10
curl:bionic	eq	7.58.0-2ubuntu3
curl:groovy	eq	7.68.0-1ubuntu4
curl:focal	eq	7.68.0-1ubuntu2.2
curl:focal	eq	7.68.0-1ubuntu2
curl:stretch	eq	7.52.1-5+deb9u10
curl:sid	eq	7.72.0-1
curl:bullseye	eq	7.72.0-1