CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS
Percentile: 79.3%

A vulnerability in the cURL command-line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMTP(S), IMAP(S), POP3(S), and LDAP(S) (openldap only). Exploitation of the vulnerability could allow a remote attacker to reuse OAUTH2-authenticated connections without proper verification that the connection was authenticated with the same credentials as those set for that transfer.

A vulnerability in the cURL command-line utility is related to the application following redirects during the authentication process without treating different port numbers or protocols as separate authentication targets. Exploitation of the vulnerability could allow a remote attacker to perform a redirect to a different protocol or port number, causing cURL to follow the redirect and pass the credentials.

A vulnerability in the cURL command-line utility is related to mismanagement of internal resources when working with the IPv6 protocol. Exploitation of the vulnerability could allow a remote attacker to cause an improper connection where one transfer uses a zone identifier and a subsequent transfer uses a different (or no) zone identifier.

A vulnerability in the cURL command-line utility involves leaking authentication or cookie header data during HTTP redirection to the same host but with a different port number. Exploitation of the vulnerability could allow a remote attacker to cause the same set of headers to be mistakenly sent to hosts that are identical to the first but use a different port number or URL scheme.
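
The following Python example is added here and is not part of the advisory or of curl's code. It shows the check all four descriptions turn on: credentials are bound to the full target (scheme, host, IPv6 zone identifier, port), and an authenticated connection is reused only for the same target and the same token. The function names, the default-port table and the example.test hosts are constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Constructed default-port table for this example only.
DEFAULT_PORTS = {"http": 80, "https": 443, "imap": 143, "imaps": 993,
                 "smtp": 25, "smtps": 465, "pop3": 110, "pop3s": 995,
                 "ldap": 389, "ldaps": 636}
CREDENTIAL_HEADERS = {"authorization", "cookie"}


def auth_target(url):
    """Return (scheme, host, zone id, port): the identity credentials are bound to."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # urlsplit keeps an IPv6 zone id after '%' in hostname, e.g. fe80::1%25eth0.
    host, _, zone = (parts.hostname or "").partition("%")
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, zone, port)


def headers_for_redirect(original_url, redirect_url, headers):
    """Forward credential headers only when the redirect stays on the same target."""
    if auth_target(original_url) == auth_target(redirect_url):
        return dict(headers)
    return {name: value for name, value in headers.items()
            if name.lower() not in CREDENTIAL_HEADERS}


def may_reuse(conn_url, conn_bearer, next_url, next_bearer):
    """Allow reuse of an authenticated connection only for the same target
    and the same OAUTH2 bearer token as the one set for the next transfer."""
    if auth_target(conn_url) != auth_target(next_url):
        return False
    if conn_bearer is None or next_bearer is None:
        return conn_bearer is next_bearer
    # Constant-time comparison of the two tokens.
    return hmac.compare_digest(conn_bearer.encode(), next_bearer.encode())
```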