Уязвимость некорректной работы HSTS в curl при параллельных запросах нескольких URL
Описание
Уязвимость передачи конфиденциальной информации в открытом виде существует в curl версиях до v7.88.0, из-за которой функция HSTS работает некорректно при параллельных запросах нескольких URL. Поддержка HSTS в curl позволяет использовать HTTPS вместо небезопасного шага HTTP даже когда в URL указано HTTP. Однако данный механизм HSTS может не работать при выполнении нескольких параллельных передач, так как файл кэша HSTS перезаписывается последней завершенной передачей. Это приводит к тому, что последующая передача, использующая только HTTP для ранее использованного имени хоста, не будет корректно обновлена до HSTS.
Затронутые версии ПО
- curl до v7.88.0
Тип уязвимости
Передача конфиденциальной информации в открытом виде
Ссылки
- Not Applicable
- Third Party Advisory
- Third Party Advisory
- Not Applicable
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
Одно из
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
A cleartext transmission of sensitive information vulnerability exists ...
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
EPSS
6.5 Medium
CVSS3