Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0360
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0360)
Zusammenfassung:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2024-0360 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2024-0360 advisory. Vulnerability Insight: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. This flaw also affects the curl command line tool. When triggered, this is a potential minor DoS security problem when trying to use HTTPS when that no longer works or a cleartext transmission of data that was otherwise intended to possibly be protected. This update fixes the issue so subdomains cannot affect the HSTS cache of a parent domain. Affected Software/OS: 'curl' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 6.1 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:C/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-9681
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.