Lucene search
NyymiH1:1814333HistoryDec 21, 2022 - 12:48 p.m.
curl: CVE-2023-23915: HSTS amnesia with --parallel
2022-12-2112:48:23
nyymi
hackerone.com
23
curl
hsts cache
parallel requests
insecure channels
confidentiality
integrity
bug bounty
0.001 Low
EPSS
Percentile
26.1%
Summary:
curl overwrites HSTS cache entries if requests are performed in parallel.
Steps To Reproduce:
curl --parallel --hsts hsts.txt https://site1.tld https://site2.tld https://site3.tld
Only one of the sites contacted will have entry in hsts.txt afterwards. Non-TLS connection to the other sites will not protected by TLS.
Impact
Request performed over insecure channels unexpectedly and loss of confidentiality and integrity.
Related
veracode
veracode
Information Disclosure
2023-02-18 05:20:51
debiancve
debiancve
CVE-2023-23915
2023-02-23 20:15:13
cbl_mariner
cbl_mariner
CVE-2023-23915 affecting package mysql for versions less than 8.0.33-1
2023-05-03 16:24:32
CVE-2023-23915 affecting package curl for versions less than 7.88.1-1
2023-03-24 23:55:40
CVE-2023-23915 affecting package cmake 3.21.4-10
2024-06-29 09:08:33
alpinelinux
alpinelinux
CVE-2023-23915
2023-02-23 20:15:13
hackerone
hackerone
Internet Bug Bounty: CVE-2023-23915: HSTS amnesia with --parallel
2023-02-15 09:14:11
curl: CVE-2023-23916: HTTP multi-header compression denial of service
2023-01-08 12:34:31
cvelist
cvelist
CVE-2023-23915
2023-02-23 00:00:00
redhatcve
redhatcve
CVE-2023-23915
2023-02-17 11:57:24
osv
osv
CVE-2023-23915
2023-02-23 20:15:13
HSTS amnesia with --parallel
2023-02-15 08:00:00
curl vulnerabilities
2023-02-27 12:34:20
prion
prion
Design/Logic Flaw
2023-02-23 20:15:00
cve
cve
CVE-2023-23915
2023-02-23 20:15:13
nvd
nvd
CVE-2023-23915
2023-02-23 20:15:13
ubuntucve
ubuntucve
CVE-2023-23915
2023-02-15 00:00:00
nessus
nessus
FreeBSD : curl -- multiple vulnerabilities (be233fc6-bae7-11ed-a4fb-080027f5fec9)
2023-03-05 00:00:00
EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2286)
2023-07-04 00:00:00
EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-2262)
2023-07-04 00:00:00
slackware
slackware
[slackware-security] curl
2023-02-15 19:51:33
openvas
openvas
Ubuntu: Security Advisory (USN-5891-1)
2023-02-28 00:00:00
Fedora: Security Advisory for curl (FEDORA-2023-ddf6575695)
2023-02-19 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2262)
2023-07-04 00:00:00
amazon
amazon
Medium: curl
2023-03-02 22:36:00
freebsd
freebsd
curl -- multiple vulnerabilities
2023-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-6.fc37
2023-02-19 01:39:34
ubuntu
ubuntu
curl vulnerabilities
2023-02-27 00:00:00
cloudfoundry
cloudfoundry
USN-5891-1: curl vulnerabilities | Cloud Foundry
2023-04-20 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0350
2023-03-07 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0545
2023-03-07 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0035
2023-06-22 00:00:00
ibm
ibm
Security Bulletin: Multiple publicly disclosed Libcurl vulnerabilities affect IBM Safer Payments
2023-05-16 22:43:50
redhat
redhat
gentoo
gentoo
curl: Multiple Vulnerabilities
2023-10-11 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00