CVE-2022-35252

Опубликовано: 23 сент. 2022

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS3: 3.7

Описание

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Релиз	Статус	Примечание
bionic	released	7.58.0-2ubuntu3.20
devel	released	7.85.0-1
esm-infra-legacy/trusty	released	7.35.0-1ubuntu2.20+esm12
esm-infra/bionic	released	7.58.0-2ubuntu3.20
esm-infra/focal	released	7.68.0-1ubuntu2.13
esm-infra/xenial	released	7.47.0-1ubuntu2.19+esm5
focal	released	7.68.0-1ubuntu2.13
jammy	released	7.81.0-1ubuntu1.4
kinetic	released	7.85.0-1
trusty	ignored	end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 30%

0.00112

Низкий

3.7 Low

CVSS3

Связанные уязвимости

CVE-2022-35252

CVSS3: 3.1

redhat

около 3 лет назад

CVE-2022-35252

CVSS3: 3.7

nvd

около 3 лет назад

CVE-2022-35252

CVSS3: 3.7

msrc

около 3 лет назад

When curl is used to retrieve and parse cookies from a HTTP(S) server itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

CVE-2022-35252

CVSS3: 3.7

debian

около 3 лет назад

When curl is used to retrieve and parse cookies from a HTTP(S) server, ...

SUSE-SU-2022:3005-1

suse-cvrf

около 3 лет назад

Security update for curl

EPSS

Процентиль: 30%

0.00112

Низкий

3.7 Low

CVSS3

CVE-2022-35252

Описание

Пакет curl

Ссылки на источники

Связанные уязвимости