The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `example.com%2F127.0.0.1/` would be allowed by the parser and get transposed into `example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more.
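
A pre-flight check for the flaw described above, as an added example that is not part of the original advisory or curl's own code: it takes the host exactly as written, without decoding, and rejects it when any percent-encoded octet decodes to a URL separator. The function names, the separator set and the allowlist are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Characters that delimit URL components (set chosen for this example).
SEPARATORS = set("/?#@:\\")
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def raw_host(url: str) -> str:
    """Return the host exactly as written, without percent-decoding."""
    # Scheme-less input is accepted, like the example URL in the description.
    rest = url.split("://", 1)[1] if "://" in url else url
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    hostport = authority.rsplit("@", 1)[-1]        # drop any userinfo
    if hostport.startswith("["):                   # bracketed IPv6 literal
        return hostport[: hostport.find("]") + 1]
    return hostport.split(":", 1)[0]               # drop any port


def encoded_separators(host: str) -> list[str]:
    """List the %XX sequences in host that decode to a URL separator."""
    return [m.group(0) for m in _PCT.finditer(host)
            if chr(int(m.group(1), 16)) in SEPARATORS]


def check_url(url: str, allowed_hosts: set[str]) -> tuple[bool, str]:
    """Validate the host before the URL is handed to an HTTP client."""
    host = raw_host(url)
    bad = encoded_separators(host)
    if bad:
        # Reject outright: decoding would change where the host name ends.
        return False, f"host {host!r} contains encoded separator(s) {bad}"
    if host.lower() not in allowed_hosts:
        return False, f"host {host!r} is not in the allowlist"
    return True, host.lower()


if __name__ == "__main__":
    # Constructed sample URLs; the first is the one from the description.
    samples = ["example.com%2F127.0.0.1/",
               "https://example.com/127.0.0.1/",
               "https://example.com%3a80/"]
    for url in samples:
        ok, detail = check_url(url, {"example.com"})
        host = raw_host(url)
        print(f"{url!r}: ok={ok} ({detail}); "
              f"raw host={host!r}, decoded={unquote(host)!r}")
```

The rejection reason is kept separate from the allowlist miss so that attempts to smuggle a separator into the host name can be logged and alerted on as their own event.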
Vulnerable Product |
---|
haxx curl |
netapp hci_bootstrap_os - |
netapp clustered data ontap - |
netapp solidfire & hci management node - |
netapp solidfire, enterprise sds & hci storage node - |
netapp h410s_firmware - |
netapp h700s_firmware - |
netapp h500s_firmware - |
netapp h300s_firmware - |
splunk universal forwarder 9.1.0 |
splunk universal forwarder |