Lucene search
HackeroneCVELIST:CVE-2022-30115HistoryJun 01, 2022 - 12:00 a.m.
CVE-2022-30115
2022-06-0100:00:00
CWE-325
hackerone
www.cve.org
2
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and not using thetrailing dot in the URL.
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/curl/curl",
"versions": [
{
"version": "Fixed in 7.83.1",
"status": "affected"
}
]
}
]Related
cbl_mariner
cbl_mariner
CVE-2022-30115 affecting package curl for versions less than 7.83.1-1
2022-07-01 21:02:21
CVE-2022-30115 affecting package curl 7.76.0-9
2022-08-24 22:05:05
hackerone
hackerone
Internet Bug Bounty: CVE-2022-30115: HSTS bypass via trailing dot
2022-05-11 07:10:29
curl: CVE-2022-30115: HSTS bypass via trailing dot
2022-05-03 09:03:34
alpinelinux
alpinelinux
CVE-2022-30115
2022-06-02 14:15:51
prion
prion
Design/Logic Flaw
2022-06-02 14:15:00
redhatcve
redhatcve
CVE-2022-30115
2022-05-11 07:37:16
debiancve
debiancve
CVE-2022-30115
2022-06-02 14:15:51
veracode
veracode
Information Disclosure
2022-05-13 11:58:33
ubuntucve
ubuntucve
CVE-2022-30115
2022-05-11 00:00:00
osv
osv
CVE-2022-30115
2022-06-02 14:15:51
nvd
nvd
CVE-2022-30115
2022-06-02 14:15:51
cve
cve
CVE-2022-30115
2022-06-02 14:15:51
ibm
ibm
openvas
openvas
Fedora: Security Advisory for curl (FEDORA-2022-d15a736748)
2022-05-13 00:00:00
Slackware: Security Advisory (SSA:2022-131-01)
2022-05-12 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-5.fc36
2022-05-12 20:26:36
nessus
nessus
Fedora 36 : curl (2022-d15a736748)
2022-05-12 00:00:00
redos
redos
ROS-20220524-03
2022-05-24 00:00:00
slackware
slackware
[slackware-security] curl
2022-05-11 19:04:46
freebsd
freebsd
curl -- Multiple vulnerabilities
2022-05-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package curl version 7.83.1-alt1
2022-05-19 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-0486
2022-06-19 00:00:00
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00