Information Disclosure

🗓️ 23 Dec 2022 19:14:53Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 35 Views

curl vulnerability allows insecure HTTP over HTTP

Reporter	Title	Published	Views	Family All 263
IBM Security Bulletins	Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)	25 Jan 202319:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	15 Jun 202317:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management	28 Jul 202315:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus	23 Mar 202320:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple publicly disclosed Libcurl vulnerabilities affect IBM Safer Payments	16 May 202322:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX	29 Jun 202316:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus.	20 Jun 202316:49	–	ibm
Tenable Nessus	Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2023-276)	25 Jan 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-083)	21 Mar 202300:00	–	nessus

Vulners

Node

curl curlMatch7.77.0-r0os

AND

curl curlMatch7.78.0-r0os

AND

curl curlMatch7.77.0-r1os

AND

curl curlMatch7.79.1-r3os

AND

curl curlMatch7.79.1-r2os

AND

curl curlMatch7.79.0-r0os

AND

curl curlMatch7.79.1-r1os

AND

curl curlMatch7.79.1-r0os

AND

alpinelinux alpine_linuxMatch3.14

curl curlMatch7.83.1-r1os

AND

curl curlMatch7.83.1-r4os

AND

curl curlMatch7.83.0-r0os

AND

curl curlMatch7.83.1-r3os

AND

curl curlMatch7.83.1-r2os

AND

alpinelinux alpine_linuxMatch3.16

curl curlMatch7.81.0-r0os

AND

curl curlMatch7.79.1-r0os

AND

curl curlMatch7.69.0-r0os

AND

curl curlMatch7.69.1-r0os

AND

curl curlMatch7.82.0-r0os

AND

curl curlMatch7.84.0-r1os

AND

curl curlMatch7.84.0-r2os

AND

curl curlMatch7.78.0-r2os

AND

curl curlMatch7.84.0-r0os

AND

curl curlMatch7.69.0-r1os

AND

curl curlMatch7.75.0-r0os

AND

curl curlMatch7.86.0-r1os

AND

curl curlMatch7.78.0-r0os

AND

curl curlMatch7.77.0-r0os

AND

curl curlMatch7.81.0-r1os

AND

curl curlMatch7.83.0-r0os

AND

curl curlMatch7.83.1-r1os

AND

curl curlMatch7.80.0-r0os

AND

curl curlMatch7.68.0-r0os

AND

curl curlMatch7.76.1-r0os

AND

curl curlMatch7.76.0-r0os

AND

curl curlMatch7.85.0-r0os

AND

curl curlMatch7.77.0-r1os

AND

curl curlMatch7.79.0-r0os

AND

alpinelinux alpine_linuxMatchedge

curl curlMatch7.86.0-r1os

AND

alpinelinux alpine_linuxMatch3.17

curl curlMatch7.80.0-r4os

AND

curl curlMatch7.79.1-r0os

AND

curl curlMatch7.80.0-r1os

AND

curl curlMatch7.80.0-r3os

AND

curl curlMatch7.80.0-r0os

AND

curl curlMatch7.80.0-r2os

AND

alpinelinux alpine_linuxMatch3.15

devel develMatch7.68.0-1ubuntu4debian

AND

devel develMatch7.72.0-1ubuntu1debian

AND

devel develMatch7.74.0-1ubuntu1debian

AND

debian debian_linux

curl curlMatch7.72.0-1debian

AND

debian debian_linuxMatch999

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.86.0_2.el8jbcs

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.83.1_6.el8jbcs

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.78.0_3.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.64.1_14.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.78.0_3.el8jbcs

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.64.1_44.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.77.0_2.el8jbcs

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.64.1_21.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.77.0_2.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.83.1_6.el7jbcs

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.86.0_2.el7jbcs

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.64.1_36.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.78.0_2.jbcs.el7

jbcs-httpd24-curl jbcs-httpd24-curlMatch7.78.0_2.el8jbcs

curl curlMatch7.29.0_57.el7

curl curlMatch7.29.0_54.el7_7.2

curl curlMatch7.19.7_26.el6

curl curlMatch7.19.7_16.el6

curl curlMatch7.19.7_53.el6_9

curl curlMatch7.29.0_46.el7

curl curlMatch7.19.7_37.el6_4

curl curlMatch7.19.7_40.el6_6.4

curl curlMatch7.19.7_54.el6_10

curl curlMatch7.19.7_40.el6_6.1

curl curlMatch7.29.0_59.el7_9.1

curl curlMatch7.29.0_51.el7_6.3

curl curlMatch7.19.7_52.el6

curl curlMatch7.29.0_54.el7_7.1

curl curlMatch7.29.0_59.el7

curl curlMatch7.29.0_54.el7

curl curlMatch7.29.0_32.el7

curl curlMatch7.19.7_35.el6

curl curlMatch7.19.7_46.el6

curl curlMatch7.19.7_40.el6_6.3

curl curlMatch7.29.0_51.el7

curl curlMatch7.19.7_26.el6_2.4

curl curlMatch7.19.7_26.el6_1.1

curl curlMatch7.29.0_57.el7_8.1

curl curlMatch7.19.7_26.el6_1.2

curl curlMatch7.19.7_36.el6_4

curl curlMatch7.19.7_37.el6_5.3

Source	Link
secdb	www.secdb.alpinelinux.org/v3.15/main.yaml
secdb	www.secdb.alpinelinux.org/v3.16/main.yaml
secdb	www.secdb.alpinelinux.org/v3.14/main.yaml
secdb	www.secdb.alpinelinux.org/edge/main.yaml
secdb	www.secdb.alpinelinux.org/v3.17/main.yaml
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
hackerone	www.hackerone.com/reports/1755083
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/
security	www.security.gentoo.org/glsa/202310-12
security	www.security.netapp.com/advisory/ntap-20230427-0007/

27 Mar 2024 17:13Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.00045