vulnerability
Oracle Linux: CVE-2024-11053: ELSA-2025-1671: mysql security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:C/I:N/A:N) | 2024-12-11 | 2025-02-25 | 2025-02-25 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published
2024-12-11
Added
2025-02-25
Modified
2025-02-25
Description
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
A vulnerability was found in libcurl. When .netrc is used to follow with HTTP redirects, curl could leak the password used for the first host to the followed-to host under some circumstances. For example: A curl transfer with `a.com` that redirects to `b.com` that uses a `.netrc` with a match but no password specified for the second host would make curl pass on `alicespassword` as the password even in the second transfer to the separate host `b.com`.
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
A vulnerability was found in libcurl. When .netrc is used to follow with HTTP redirects, curl could leak the password used for the first host to the followed-to host under some circumstances. For example: A curl transfer with `a.com` that redirects to `b.com` that uses a `.netrc` with a match but no password specified for the second host would make curl pass on `alicespassword` as the password even in the second transfer to the separate host `b.com`.
Solution(s)
oracle-linux-upgrade-mecaboracle-linux-upgrade-mecab-develoracle-linux-upgrade-mecab-ipadicoracle-linux-upgrade-mecab-ipadic-eucjporacle-linux-upgrade-mysqloracle-linux-upgrade-mysql-commonoracle-linux-upgrade-mysql-develoracle-linux-upgrade-mysql-errmsgoracle-linux-upgrade-mysql-libsoracle-linux-upgrade-mysql-serveroracle-linux-upgrade-mysql-test
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.