When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3951 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3951-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Abhijith PA     November 14, 2024                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : curl     Version        : 7.74.0-1.3+deb11u14     CVE ID         : CVE-2024-8096


    curl a command line tool for transferring data with URL syntax was     affected by CVE-2024-8096. When the TLS backend is GnuTLS, curl may     incorrectly handle OCSP stapling. If the OCSP status reports an error     other than revoked (e.g., unauthorized), it is not treated as a     bad certificate, potentially allowing invalid certificates to be     considered valid.

    For Debian 11 bullseye, this problem has been fixed in version     7.74.0-1.3+deb11u14.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/curl

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling,     to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead     wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like     for example 'unauthorized') it is not treated as a bad certficate.(CVE-2024-8096)

    libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time     field.If given an syntactically incorrect field, the parser might end up using -1 for the length of the
    *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not     (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents     getting returned to the application when     [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.(CVE-2024-7264)

Tenable has extracted the preceding description block directly from the EulerOS curl security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time     field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the
    *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not     (purposely) null terminated.This flaw most likely leads to a crash, but can also lead to heap contents     getting returned to the application when     [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.(CVE-2024-7264)

    When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling,     to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead     wrongly consider the response as fine.  If the returned status reports another error than 'revoked' (like     for example 'unauthorized') it is not treated as a bad certficate.(CVE-2024-8096)

Tenable has extracted the preceding description block directly from the EulerOS curl security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of cmake / curl / mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8096 advisory.

  - When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling,     to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead     wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like     for example 'unauthorized') it is not treated as a bad certficate. (CVE-2024-8096)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-17 advisory.

  - Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of     the third-party components (OpenSSL, expat, curl, and libxml2)were found to contain vulnerabilities,     and updated versions have been made available by the providers.Out of caution and in line with best     practice, Tenable has opted to upgrade these components to address the potential impact of the issues.
    Nessus Network Monitor 6.5.0 updates OpenSSL to version 3.0.15, expat to version 2.6.3, curl to version     8.10.0, and libxml2 to to version 2.13.1 to address the identified vulnerabilities.Additionally, one     separate vulnerability was discovered, reported and fixed:A stored cross site scripting vulnerability     exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary     code into the NNM UI via the local CLI. - CVE-2024-9158 Tenable has released Nessus Network Monitor 6.5.0     to address these issues. The installation files can be obtained from the Tenable Downloads Portal     (https://www.tenable.com/downloads/nessus-network-monitor). (CVE-2024-34459, CVE-2024-45491,     CVE-2024-45492, CVE-2024-6119, CVE-2024-6197, CVE-2024-7264, CVE-2024-8096, CVE-2024-9158)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7012-1 advisory.

    Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP responses. This could result in bad     certificates not being checked properly, contrary to expectations.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Curl installed on the remote host is between 7.41.0 prior to 8.10.0. It is, therefore, affected by a security bypass vulnerability. When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3204-1 advisory.

    - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3203-1 advisory.

    - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3211-1 advisory.

    - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
210952	Debian dla-3951 : curl - security update	Nessus	Debian Local Security Checks	medium
210693	EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-2882)	Nessus	Huawei Local Security Checks	medium
210684	EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2825)	Nessus	Huawei Local Security Checks	medium
210676	EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2809)	Nessus	Huawei Local Security Checks	medium
210657	EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-2901)	Nessus	Huawei Local Security Checks	medium
209586	CBL Mariner 2.0 Security Update: cmake / curl / mysql (CVE-2024-8096)	Nessus	MarinerOS Local Security Checks	medium
207713	Nessus Network Monitor < 6.5.0 Multiple Vulnerabilities (TNS-2024-17)	Nessus	Misc.	critical
207281	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : curl vulnerability (USN-7012-1)	Nessus	Ubuntu Local Security Checks	medium
207231	Curl 7.41.0 < 8.10.0 Security Bypass (CVE-2024-8096)	Nessus	Misc.	medium
207049	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2024:3204-1)	Nessus	SuSE Local Security Checks	medium
207048	SUSE SLES12 Security Update : curl (SUSE-SU-2024:3203-1)	Nessus	SuSE Local Security Checks	medium
207046	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2024:3211-1)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2024-8096

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

critical

medium

medium

medium

medium

medium