Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2022-27780

Published: 02/06/2022 Updated: 27/03/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Curl

Vulnerability Summary

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

netapp hci_bootstrap_os -

netapp clustered data ontap -

netapp solidfire \\& hci management node -

netapp solidfire\\, enterprise sds \\& hci storage node -

netapp h410s_firmware -

netapp h700s_firmware -

netapp h500s_firmware -

netapp h300s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Ubuntu Security Notice: USN-5412-1: curl vulnerabilities
Several security issues were fixed in curl ...
Arch Linux Issues:
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved For example, a URL like `examplecom%2F10001/`, would be allowed by the parser and get transposed into `examplecom/10001/` This ...
Amazon Linux 2022: ALAS2022-2022-065
A vulnerability was found in curl This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer This issue leads to an authentication bypass, either by mistake or by a malicious actor (CVE-2022-22576) A vulnerability was found in ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-918https://hackerone.com/reports/1553841https://security.netapp.com/advisory/ntap-20220609-0009/https://security.gentoo.org/glsa/202212-01https://ubuntu.com/security/notices/USN-5412-1https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook