Lucene search

K

Veracode Vulnerability DatabaseVERACODE:32153

HistorySep 17, 2021 - 9:34 p.m.

Man-In-The-Middle Attack (MitM)

2021-09-1721:34:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

curl is vulnerable to Man in the middle attack. The vulnerability exists due to a lack of clearing of previous cached responses, treating them as valid and authenticated.

CPENameOperatorVersion
curl:3.14eq7.77.0-r0
curl:3.14eq7.77.0-r1
curl:3.14eq7.78.0-r0
curl:3.13eq7.77.0-r0
curl:3.13eq7.78.0-r0
curl:3.13eq7.76.1-r0
curl:3.13eq7.74.0-r1
curl:3.13eq7.77.0-r1
curl:3.11eq7.67.0-r4
curl:3.11eq7.67.0-r5

Rows per page:

1-10 of 1021

References

seclists.org/fulldisclosure/2022/Mar/29

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

hackerone.com/reports/1334763

lists.debian.org/debian-lts-announce/2021/09/msg00022.html

lists.debian.org/debian-lts-announce/2022/08/msg00017.html

lists.fedoraproject.org/archives/list/[email protected]/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/

lists.fedoraproject.org/archives/list/[email protected]/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.11/main.yaml

secdb.alpinelinux.org/v3.12/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

security.netapp.com/advisory/ntap-20211029-0003/

support.apple.com/kb/HT213183

www.debian.org/security/2022/dsa-5197

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N