| Vulnerability Name: | CVE-2022-42916 (CCN-239061) | ||||||||||||
| Assigned: | 2022-10-26 | ||||||||||||
| Published: | 2022-10-26 | ||||||||||||
| Updated: | 2023-03-28 | ||||||||||||
| Summary: | cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a HSTS bypass flaw . By sending a specially-crafted URL with ASCII counterparts as part of the IDN conversion in host name, an attacker could exploit this vulnerability to obtain sensitive information from clear-text HTTP transmission, and use this information to launch further attacks against the affected system. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
| ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-42916 Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: CCN Type: Project curl Security Advisory, October 26 2022 CVE-2022-42916: HSTS bypass via IDN Source: cve@mitre.org Type: Vendor Advisory cve@mitre.org Source: XF Type: UNKNOWN curl-cve202242916-info-disc(239061) Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Mailing List, Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Broken Link cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: cve@mitre.org Type: Third Party Advisory cve@mitre.org Source: CCN Type: IBM Security Bulletin 6840059 (ILOG CPLEX Optimization Studio) The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221) Source: CCN Type: IBM Security Bulletin 6845365 (QRadar WinCollect Agent) IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities Source: CCN Type: IBM Security Bulletin 6855601 (Rational ClearCase) Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 ) Source: CCN Type: IBM Security Bulletin 6963308 (PowerSC) Multiple vulnerabilities in Curl affect PowerSC Source: CCN Type: IBM Security Bulletin 6984347 (Engineering Requirements Management DOORS) IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6 Source: CCN Type: Mend Vulnerability Database CVE-2022-42916 | ||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||