A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier versions into connecting back to an IP address and port of the server's choosing. In this way it can potentially make curl extract information about services that are otherwise private and not disclosed, for example through port scanning and service banner extraction.
| Vulnerable Product |
|---|
| haxx curl |
| fedoraproject fedora 32 |
| fedoraproject fedora 33 |
| debian debian linux 9.0 |
| debian debian linux 10.0 |
| netapp clustered data ontap - |
| netapp solidfire - |
| netapp hci management node - |
| netapp hci storage node - |
| netapp hci_bootstrap_os - |
| apple mac os x |
| apple mac os x 10.14.6 |
| apple mac os x 10.15.7 |
| apple macos 11.0.1 |
| apple macos 11.1 |
| apple macos 11.2 |
| oracle peoplesoft enterprise peopletools 8.58 |
| oracle communications billing and revenue management 12.0.0.3.0 |
| oracle essbase 21.2 |
| oracle communications cloud native core policy 1.14.0 |
| fujitsu m10-1_firmware |
| fujitsu m10-4_firmware |
| fujitsu m10-4s_firmware |
| fujitsu m12-1_firmware |
| fujitsu m12-2_firmware |
| fujitsu m12-2s_firmware |
| siemens sinec infrastructure network services |
| splunk universal forwarder 9.1.0 |
| splunk universal forwarder |