A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NHaxx Curl
APPHaxx7.77.0 – 7.88.0 (bez)Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Clustered Data Ontap
APPNetapp9.0Netapp H300s
HWNetappwszystkie wersjeNetapp H300s Firmware
OSNetappwszystkie wersjeNetapp H410s
HWNetappwszystkie wersjeNetapp H410s Firmware
OSNetappwszystkie wersjeNetapp H500s
HWNetappwszystkie wersjeNetapp H500s Firmware
OSNetappwszystkie wersjeNetapp H700s
HWNetappwszystkie wersjeNetapp H700s Firmware
OSNetappwszystkie wersjeSplunk Universal Forwarder
APPSplunk9.1.08.2.0 – 8.2.12 (bez)9.0.0 – 9.0.6 (bez)
Powiązane podatności
AMI MegaRAC SPx — zdalne ominięcie uwierzytelnienia w interfejsie Redfish BMC
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX
Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4