When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2023/Jan/20 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2023/Jan/21 | Mailing List Third Party Advisory |
https://hackerone.com/reports/1613943 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220930-0005/ | Third Party Advisory |
https://support.apple.com/kb/HT213603 | Third Party Advisory |
https://support.apple.com/kb/HT213604 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
History
27 Mar 2024, 15:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Splunk
Splunk universal Forwarder |
|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
References | () http://seclists.org/fulldisclosure/2023/Jan/20 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2023/Jan/21 - Mailing List, Third Party Advisory |
01 Mar 2023, 18:09
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jan/21 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jan/20 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213603 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213604 - Third Party Advisory | |
First Time |
Debian
Apple macos Debian debian Linux Apple |
|
CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
29 Jan 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Jan 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2023, 17:27
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Oct 2022, 13:20
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220930-0005/ - Third Party Advisory | |
First Time |
Netapp element Software
Netapp h500s Netapp solidfire Netapp clustered Data Ontap Netapp h410s Firmware Netapp hci Management Node Netapp h700s Netapp h300s Netapp bootstrap Os Netapp Netapp h300s Firmware Netapp hci Compute Node Netapp h700s Firmware Netapp h410s Netapp h500s Firmware |
|
CPE | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
30 Sep 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Sep 2022, 14:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Haxx curl
Haxx |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
References | (MISC) https://hackerone.com/reports/1613943 - Exploit, Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.7 |
23 Sep 2022, 14:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-23 14:15
Updated : 2024-03-27 15:00
NVD link : CVE-2022-35252
Mitre link : CVE-2022-35252
CVE.ORG link : CVE-2022-35252
JSON object : View
Products Affected
netapp
- h500s
- h700s_firmware
- h410s
- h500s_firmware
- h300s
- h700s
- hci_management_node
- element_software
- h300s_firmware
- bootstrap_os
- h410s_firmware
- solidfire
- clustered_data_ontap
- hci_compute_node
apple
- macos
debian
- debian_linux
splunk
- universal_forwarder
haxx
- curl
CWE