vulnerability

Ubuntu: (Multiple Advisories) (CVE-2020-8284): curl vulnerabilities

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 9, 2020
Added
Dec 10, 2020
Modified
Nov 15, 2024

Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Solution(s)

ubuntu-pro-upgrade-curlubuntu-pro-upgrade-libcurl3ubuntu-pro-upgrade-libcurl3-gnutlsubuntu-pro-upgrade-libcurl3-nssubuntu-pro-upgrade-libcurl4
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.