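Vulnerability Details
HAXX libcurl Trust Management Issue Vulnerability
Vulnerability Summary
HAXX libcurl is an open-source client-side URL transfer library from Haxx (HAXX) of Sweden. It supports protocols including FTP, SFTP, TFTP and HTTP.
libcurl has a trust management vulnerability. An attacker can exploit it, via inferior OCSP verification in libcurl, to act as a man-in-the-middle and read or write data in the session.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: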
https://curl.se/docs/CVE-2020-8286.html
References
Source: CONFIRM
Link: https://support.apple.com/kb/HT212327
Source: CONFIRM
Link: https://support.apple.com/kb/HT212326
Source: CONFIRM
Link: https://support.apple.com/kb/HT212325
Source: FULLDISC
Link: http://seclists.org/fulldisclosure/2021/Apr/50
Source: MISC
Link: https://curl.se/docs/CVE-2020-8286.html
Source: GENTOO
Link: https://security.gentoo.org/glsa/202012-14
Source: FULLDISC
Link: http://seclists.org/fulldisclosure/2021/Apr/51
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
Source: CONFIRM
Link: https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210122-0007/
Source: FULLDISC
Link: http://seclists.org/fulldisclosure/2021/Apr/54
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
Source: DEBIAN
Link: https://www.debian.org/security/2021/dsa-4881
Source: MISC
Link: https://hackerone.com/reports/1048457
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/libcurl-Man-in-the-Middle-via-Inferior-OCSP-Verification-34068
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164192/Red-Hat-Security-Advisory-2021-3556-01.html
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpuapr2021.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1866
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1700
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2657
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2711
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1841
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021042704
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4343/
Source: us-cert.cisa.gov
Link: https://us-cert.cisa.gov/ics/advisories/icsa-21-159-10
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0635
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0319/
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021072122
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021042615
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1409.2
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1114
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2365
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2180
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpujul2021.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162629/Red-Hat-Security-Advisory-2021-1610-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163276/Red-Hat-Security-Advisory-2021-2543-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162358/Apple-Security-Advisory-2021-04-26-2.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021061010
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052026
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160706/Gentoo-Linux-Security-Advisory-202012-14.html
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-8286
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021072050
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163496/Red-Hat-Security-Advisory-2021-2705-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2228
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062703
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021092220
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4364/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6520474
Source: support.apple.com
Link: https://support.apple.com/en-us/HT212327
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4506/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163267/Red-Hat-Security-Advisory-2021-2532-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2054
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2471
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021071516
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062315
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160423/Ubuntu-Security-Notice-USN-4665-1.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021051406
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3141
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2020-8286
Affected Entities
None yet
Patches
- Fix for the HAXX libcurl trust management issue vulnerability<!--2020-12-9-->