ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0360
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0360)
Resumen:	The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2024-0360 advisory.
Descripción:	Summary: The remote host is missing an update for the 'curl' package(s) announced via the MGASA-2024-0360 advisory. Vulnerability Insight: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. This flaw also affects the curl command line tool. When triggered, this is a potential minor DoS security problem when trying to use HTTPS when that no longer works or a cleartext transmission of data that was otherwise intended to possibly be protected. This update fixes the issue so subdomains cannot affect the HSTS cache of a parent domain. Affected Software/OS: 'curl' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 6.1 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:C/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-9681
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.