Summary
Detail | | | |
---|---|---|---|
Vendor | Curl | First view | 2009-08-14 |
Product | Libcurl | Last view | 2010-03-19 |
Version | 7.10.6 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:curl:libcurl | | |
Activity : Overall
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
6.8 | 2010-03-19 | CVE-2010-0734 | content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. |
7.5 | 2009-08-14 | CVE-2009-2417 | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-310 | Cryptographic Issues |
50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
62879 | SSH Tectia Audit Player X.509 Certificate Authority (CA) Common Name Null Byt... |
62217 | cURL / libcURL Compressed HTTP Content Registered Callback Overflow |
56994 | cURL/libcURL w/ OpenSSL X.509 Certificate Authority (CA) Common Name Null Byt... |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-02 (cURL) File : nvt/glsa_201203_02.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:1209 centos3 i386 File : nvt/gb_CESA-2009_1209_curl_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:1209 centos5 i386 File : nvt/gb_CESA-2009_1209_curl_centos5_i386.nasl |
2011-06-24 | Name : Ubuntu Update for curl USN-1158-1 File : nvt/gb_ubuntu_USN_1158_1.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-21 | Name : FreeBSD Ports: curl File : nvt/freebsd_curl3.nasl |
2010-04-09 | Name : CentOS Update for curl CESA-2010:0329 centos3 i386 File : nvt/gb_CESA-2010_0329_curl_centos3_i386.nasl |
2010-04-09 | Name : CentOS Update for curl CESA-2010:0329 centos4 i386 File : nvt/gb_CESA-2010_0329_curl_centos4_i386.nasl |
2010-04-06 | Name : RedHat Update for curl RHSA-2010:0329-01 File : nvt/gb_RHSA-2010_0329-01_curl.nasl |
2010-04-06 | Name : RedHat Update for curl RHSA-2010:0273-05 File : nvt/gb_RHSA-2010_0273-05_curl.nasl |
2010-04-06 | Name : Debian Security Advisory DSA 2023-1 (curl) File : nvt/deb_2023_1.nasl |
2010-03-22 | Name : Fedora Update for curl FEDORA-2010-2720 File : nvt/gb_fedora_2010_2720_curl_fc11.nasl |
2010-03-22 | Name : Mandriva Update for curl MDVSA-2010:062 (curl) File : nvt/gb_mandriva_MDVSA_2010_062.nasl |
2010-03-12 | Name : Fedora Update for curl FEDORA-2010-2762 File : nvt/gb_fedora_2010_2762_curl_fc12.nasl |
2010-02-19 | Name : Mandriva Update for drakxtools MDVA-2010:062 (drakxtools) File : nvt/gb_mandriva_MDVA_2010_062.nasl |
2010-02-19 | Name : Mandriva Update for drakxtools MDVA-2010:062-1 (drakxtools) File : nvt/gb_mandriva_MDVA_2010_062_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:203-1 (curl) File : nvt/mdksa_2009_203_1.nasl |
2009-10-13 | Name : SLES10: Security update for curl File : nvt/sles10_curl0.nasl |
2009-10-13 | Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls.nasl |
2009-10-13 | Name : SLES10: Security update for compat-curl2 File : nvt/sles10_compat-curl2.nasl |
2009-10-11 | Name : SLES11: Security update for curl File : nvt/sles11_curl0.nasl |
2009-10-10 | Name : SLES9: Security update for curl File : nvt/sles9p5055560.nasl |
2009-09-28 | Name : Gentoo Security Advisory GLSA 200909-20 (curl) File : nvt/glsa_200909_20.nasl |
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2009-0019.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0329.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1209.nasl - Type: ACT_GATHER_INFO |
2013-03-06 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090813_curl_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090813_curl_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100330_curl_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100330_curl_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100330_curl_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090813_curl_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-04-20 | Name: The remote web server is affected by multiple vulnerabilities. File: hpsmh_7_0_0_24.nasl - Type: ACT_GATHER_INFO |
2012-03-06 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201203-02.nasl - Type: ACT_GATHER_INFO |
2011-06-24 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1158-1.nasl - Type: ACT_GATHER_INFO |
2011-02-14 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2011-0003.nasl - Type: ACT_GATHER_INFO |
2010-10-04 | Name: The remote VMware ESX host is missing one or more security-related patches. File: vmware_VMSA-2010-0015.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-2720.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-2762.nasl - Type: ACT_GATHER_INFO |
2010-06-15 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd2010-004.nasl - Type: ACT_GATHER_INFO |
2010-06-15 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_6_4.nasl - Type: ACT_GATHER_INFO |
2010-05-11 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2010-0273.nasl - Type: ACT_GATHER_INFO |
2010-05-11 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2010-0329.nasl - Type: ACT_GATHER_INFO |
2010-04-20 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_c8c31c4149ed11df83fb0015587e2cc1.nasl - Type: ACT_GATHER_INFO |
2010-04-09 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2010-0329.nasl - Type: ACT_GATHER_INFO |