CVE-2021-22890
01.04.2021, 18:15
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.Enginsight
| Vendor | Product | Version |
|---|---|---|
| haxx | libcurl | 7.63.0 ≤ 𝑥 ≤ 7.75.0 |
| netapp | hci_management_node | - |
| netapp | solidfire | - |
| netapp | hci_storage_node | - |
| broadcom | fabric_operating_system | - |
| debian | debian_linux | 9.0 |
| siemens | sinec_infrastructure_network_services | 𝑥 < 1.0.1.1 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| oracle | essbase | 21.2 |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-300 - Channel Accessible by Non-EndpointThe product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
- CWE-290 - Authentication Bypass by SpoofingThis attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
References