CVE-2023-23914

Published: 23/02/2023 Updated: 27/03/2024
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on.

Vulnerable Product

haxx curl

netapp active iq unified manager -

netapp clustered data ontap 9.0

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

splunk universal forwarder 9.1.0

splunk universal forwarder

Vendor Advisories

Debian Bug report logs - #1031371 curl: CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 15 Feb 2023 22:27:01 UTC Severity: grave Tags: security, upstream Found in version curl ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2451 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2 ...
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity (CVE-2023-23914). A flaw was found in the Curl package, where the HSTS mechanism could fail when mu ...
Description: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. A flaw was found in the Curl package, where the HSTS mechanism would be ignored b ...

Github Repositories

Welcome to Learn365! This repository is about 365 days of Learning.

Learn365: Welcome to Learn365! This repository is about 365 days of Learning. This repository contains all the information shared during my Learn 365 Challenge. 365 Days of Learning is a challenge to stay engaged in learning and personal development for a full year by setting a goal to learn something new every day, it can be anything from infosec Follow me on LinkedIn for Regul