{ "id": "CVE-2022-35252", "sourceIdentifier": "support@hackerone.com", "published": "2022-09-23T14:15:12.323", "lastModified": "2024-11-21T07:10:58.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings." }, { "lang": "es", "value": "Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando c\u00f3digos de control que cuando son enviados de vuelta a un servidor HTTP podr\u00edan hacer que el servidor devolviera respuestas 400. En efecto, permite que un \"sitio hermano\" deniegue el servicio a todos los hermanos." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW" }, "exploitabilityScore": 2.2, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "support@hackerone.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.85.0", "matchCriteriaId": "B7B9B38C-6728-408E-93C9-98C042DA9DD3" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953" }, { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0", "versionEndExcluding": "11.7.3", "matchCriteriaId": "4D13504E-ABCF-4E6F-8984-EADB123DFDD2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0.0", "versionEndExcluding": "12.6.3", "matchCriteriaId": "C71359B9-7DCE-4F45-B03F-77CF313A74EA" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.2.0", "versionEndExcluding": "8.2.12", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.6", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32" }, { "vulnerable": true, "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC" } ] } ] } ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Jan/20", "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2023/Jan/21", "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://hackerone.com/reports/1613943", "source": "support@hackerone.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202212-01", "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20220930-0005/", "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://support.apple.com/kb/HT213603", "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://support.apple.com/kb/HT213604", "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2023/Jan/20", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2023/Jan/21", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://hackerone.com/reports/1613943", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202212-01", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20220930-0005/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://support.apple.com/kb/HT213603", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://support.apple.com/kb/HT213604", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }