Vulnerability Name: CVE-2023-23914 (CCN-247433)
Assigned: 2023-02-15
Published: 2023-02-15
Updated: 2023-03-09
Summary: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the HSTS function when multiple URLs are requested serially. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS v3 Severity:
  9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
  7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
  6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE; Type: CNA; CVE-2023-23914
  Source: CCN; Type: Project curl Security Advisory, February 15 2023; CVE-2023-23914: HSTS ignored on multiple requests
  Source: XF; Type: UNKNOWN; curl-cve202323914-info-disc(247433)
  Source: support@hackerone.com; Type: Exploit, Issue Tracking; support@hackerone.com
  Source: support@hackerone.com; Type: UNKNOWN; support@hackerone.com
  Source: CCN; Type: IBM Security Bulletin 6962773 (QRadar WinCollect Agent); IBM QRadar WinCollect agent has multiple vulnerabilities
  Source: CCN; Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus); Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus
  Source: CCN; Type: IBM Security Bulletin 6986323 (MQ Operator); IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol
  Source: CCN; Type: IBM Security Bulletin 6986573 (Safer Payments); Multiple publicly disclosed Libcurl vulnerabilities affect IBM Safer Payments
  Source: CCN; Type: IBM Security Bulletin 6995589 (Spectrum Copy Data Management); Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management
  Source: CCN; Type: IBM Security Bulletin 7004263 (PowerSC); Multiple vulnerabilities in Curl affect PowerSC
  Source: CCN; Type: IBM Security Bulletin 7005589 (Spectrum Protect Plus); Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus.
  Source: CCN; Type: Mend Vulnerability Database; CVE-2023-23914
Vulnerable Configuration: Configuration CCN 1: