{"containers": {"cna": {"affected": [{"product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [{"status": "affected", "version": "7.41.0 to and including 7.73.0"}]}], "descriptions": [{"lang": "en", "value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "Improper Certificate Validation (CWE-295)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T23:23:30", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1048457"}, {"tags": ["x_refsource_MISC"], "url": "https://curl.se/docs/CVE-2020-8286.html"}, {"name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Apr/50"}, {"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Apr/54"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212325"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212326"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212327"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8286", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/curl/curl", "version": {"version_data": [{"version_value": "7.41.0 to and including 7.73.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Certificate Validation (CWE-295)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1048457", "refsource": "MISC", "url": "https://hackerone.com/reports/1048457"}, {"name": "https://curl.se/docs/CVE-2020-8286.html", "refsource": "MISC", "url": "https://curl.se/docs/CVE-2020-8286.html"}, {"name": "FEDORA-2020-ceaf490686", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"name": "FEDORA-2020-7ab62c73bc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"name": "GLSA-202012-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202012-14"}, {"name": "DSA-4881", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4881"}, {"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Apr/50"}, {"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Apr/54"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210122-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"name": "https://support.apple.com/kb/HT212325", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212325"}, {"name": "https://support.apple.com/kb/HT212326", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212326"}, {"name": "https://support.apple.com/kb/HT212327", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212327"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.324Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1048457"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://curl.se/docs/CVE-2020-8286.html"}, {"name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Apr/50"}, {"name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Apr/54"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212325"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212326"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212327"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T15:29:39.778689Z", "id": "CVE-2020-8286", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T15:30:03.757Z"}}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8286", "datePublished": "2020-12-14T19:39:28", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-11-15T15:30:03.757Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1048457", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://curl.se/docs/CVE-2020-8286.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202012-14", "name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://www.debian.org/security/2021/dsa-4881", "name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/51", "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/50", "name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/54", "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0007/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212325", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212326", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212327", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.324Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-8286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T15:29:39.778689Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T15:29:47.082Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "https://github.com/curl/curl", "versions": [{"status": "affected", "version": "7.41.0 to and including 7.73.0"}]}], "references": [{"url": "https://hackerone.com/reports/1048457", "tags": ["x_refsource_MISC"]}, {"url": "https://curl.se/docs/CVE-2020-8286.html", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "name": "FEDORA-2020-ceaf490686", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "name": "FEDORA-2020-7ab62c73bc", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://security.gentoo.org/glsa/202012-14", "name": "GLSA-202012-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://www.debian.org/security/2021/dsa-4881", "name": "DSA-4881", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/51", "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/50", "name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/54", "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_refsource_MISC"]}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0007/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT212325", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT212326", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT212327", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_refsource_MISC"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "Improper Certificate Validation (CWE-295)"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2022-04-19T23:23:30"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "7.41.0 to and including 7.73.0"}]}, "product_name": "https://github.com/curl/curl"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://hackerone.com/reports/1048457", "name": "https://hackerone.com/reports/1048457", "refsource": "MISC"}, {"url": "https://curl.se/docs/CVE-2020-8286.html", "name": "https://curl.se/docs/CVE-2020-8286.html", "refsource": "MISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "name": "FEDORA-2020-ceaf490686", "refsource": "FEDORA"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "name": "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "name": "FEDORA-2020-7ab62c73bc", "refsource": "FEDORA"}, {"url": "https://security.gentoo.org/glsa/202012-14", "name": "GLSA-202012-14", "refsource": "GENTOO"}, {"url": "https://www.debian.org/security/2021/dsa-4881", "name": "DSA-4881", "refsource": "DEBIAN"}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/51", "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/50", "name": "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Apr/54", "name": "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", "refsource": "FULLDISC"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0007/", "name": "https://security.netapp.com/advisory/ntap-20210122-0007/", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT212325", "name": "https://support.apple.com/kb/HT212325", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT212326", "name": "https://support.apple.com/kb/HT212326", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT212327", "name": "https://support.apple.com/kb/HT212327", "refsource": "CONFIRM"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "refsource": "CONFIRM"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Certificate Validation (CWE-295)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-8286", "STATE": "PUBLIC", "ASSIGNER": "support@hackerone.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-8286", "state": "PUBLISHED", "dateUpdated": "2024-11-15T15:30:03.757Z", "dateReserved": "2020-01-28T00:00:00", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2020-12-14T19:39:28", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A702C04-FA3B-4A88-8354-D7683A3329C1", "versionEndExcluding": "7.74.0", "versionStartIncluding": "7.41.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BC4299D-05D3-4875-BC79-C3DC02C88ECE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E97851-4DFF-4852-A339-183331F4ACBC", "versionEndExcluding": "10.14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", "versionEndExcluding": "10.15.7", "versionStartIncluding": "10.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", "matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E699CCC-31F5-458E-A59C-79B3AF143747", "versionEndExcluding": "11.3", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_tim_1531_irc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BF5425F-6AC5-496F-B8BD-1C0BF5D04D1F", "versionEndIncluding": "2.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_tim_1531_irc:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDF765-44F4-45CB-8A28-FD7D355310DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response."}, {"lang": "es", "value": "curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobaci\u00f3n inapropiada para la revocaci\u00f3n del certificado debido a una verificaci\u00f3n insuficiente de la respuesta OCSP"}], "id": "CVE-2020-8286", "lastModified": "2024-11-21T05:38:39.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-14T20:15:14.043", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/50"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/54"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2020-8286.html"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/1048457"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212325"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212326"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212327"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/51"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Apr/54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://curl.se/docs/CVE-2020-8286.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://hackerone.com/reports/1048457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2471", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "curl", "product_name": "JBoss Core Services Apache HTTP Server 2.4.37 SP8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-0:1-18.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-apr-0:1.6.3-105.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-apr-util-0:1.6.1-82.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-brotli-0:1.0.6-40.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-curl-0:7.77.0-2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-httpd-0:2.4.37-74.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-jansson-0:2.11-55.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-5.Final_redhat_2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_http2-0:1.15.7-17.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_jk-0:1.2.48-16.redhat_1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_md-1:2.0.8-36.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.2-63.GA.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-nghttp2-0:1.39.2-37.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-1:1.1.1g-6.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-chil-0:1.0.0-5.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-0:1-18.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-105.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-82.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.77.0-2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-74.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-55.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-5.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-17.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-16.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-36.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:2472", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-63.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-06-17T00:00:00Z"}, {"advisory": "RHSA-2021:1610", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "curl-0:7.61.1-18.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "curl: Inferior OCSP verification", "id": "1906096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906096"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-295", "details": ["curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", "Libcurl offers \"OCSP stapling\" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-status using the curl tool. As part of the OCSP response verification, a client should verify that the response is indeed set out for the correct certificate. This step was not performed by libcurl when built or told to use OpenSSL as TLS backend."], "name": "CVE-2020-8286", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21-curl", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:3.1", "fix_state": "Not affected", "package_name": "rh-dotnet31-curl", "product_name": ".NET Core 3.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "httpd24-curl", "product_name": "Red Hat Software Collections"}], "public_date": "2020-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8286\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8286\nhttps://curl.se/docs/CVE-2020-8286.html"], "threat_severity": "Moderate", "upstream_fix": "curl 7.74.0"}