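Vulnerability Details
HAXX libcurl Information Disclosure Vulnerability
Vulnerability Summary
HAXX libcurl is an open-source client-side URL transfer library from Haxx (HAXX) of Sweden. It supports protocols including FTP, SFTP, TFTP, and HTTP.
An information disclosure vulnerability exists in the handling of FTP PASV responses in Haxx curl. An attacker can exploit it via curl's FTP PASV responses to bypass data access restrictions and obtain sensitive information.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: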
https://curl.se/docs/CVE-2020-8284.html
References
Source: CONFIRM
Link: https://support.apple.com/kb/HT212327
Source: CONFIRM
Link: https://support.apple.com/kb/HT212326
Source: CONFIRM
Link: https://support.apple.com/kb/HT212325
Source: GENTOO
Link: https://security.gentoo.org/glsa/202012-14
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210122-0007/
Source: MISC
Link: https://curl.se/docs/CVE-2020-8284.html
Source: N/A
Link: https://www.oracle.com//security-alerts/cpujul2021.html
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
Source: DEBIAN
Link: https://www.debian.org/security/2021/dsa-4881
Source: MISC
Link: https://hackerone.com/reports/1040166
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164192/Red-Hat-Security-Advisory-2021-3556-01.html
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2020-8284
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1866
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1700
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2657
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0631
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2711
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1841
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4343/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1114
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2365
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2180
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162629/Red-Hat-Security-Advisory-2021-1610-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163276/Red-Hat-Security-Advisory-2021-2543-01.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052026
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160706/Gentoo-Linux-Security-Advisory-202012-14.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021072050
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-8284
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163496/Red-Hat-Security-Advisory-2021-2705-01.html
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/curl-information-disclosure-via-FTP-PASV-Responses-34066
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2228
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062703
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021092220
Source: support.apple.com
Link: https://support.apple.com/en-us/HT212325
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4534/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4364/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160436/Ubuntu-Security-Notice-USN-4665-2.html
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6520474
Source: support.apple.com
Link: https://support.apple.com/en-us/HT212327
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4506/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163267/Red-Hat-Security-Advisory-2021-2532-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2471
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021071516
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062315
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160423/Ubuntu-Security-Notice-USN-4665-1.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021051406
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3141
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-libcurl-cve-2020-8284/
Affected Entities
None listed
Patches
- Remediation for the Haxx curl information disclosure vulnerability<!--2020-12-9-->