[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

libcurl - (bulletinjan2017)

ID: oval:org.secpod.oval:def:2100417Date: (C)2019-12-31   (M)2022-10-10
Class: PATCHFamily: unix




curl before version 7.51.0 doesn"t parse the authority component of the URL correctly when the host name part ends with a "#" character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.

Platform:
Sun Solaris 11
Product:
web/curl
Reference:
bulletinjan2017
CVE-2016-8624
CVE    1
CVE-2016-8624
CPE    1
cpe:/o:oracle:solaris:11

© SecPod Technologies