CVE-2020-8284 vulnerability in Haxx and Other Products
Published on December 14, 2020

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2020-8284 has been classified to as an Information Disclosure vulnerability or weakness.

Products Associated with CVE-2020-8284

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8284 are published in these products:

Haxx Curl

Debian Linux

Fedora Project Fedora

NetApp Clustered Data Ontap

NetApp Hci Management Node

NetApp Solidfire

NetApp Hci Storage Node

Apple macOS

Oracle Communications Billing Revenue Management

Oracle Essbase

Oracle Peoplesoft Enterprise Peopletools

Oracle Communications Cloud Native Core Policy

Siemens Sinec Infrastructure Network Services

Splunk Universal Forwarder

Exploit Probability

EPSS

0.10%

Percentile

28.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-8284 vulnerability in Haxx and Other ProductsPublished on December 14, 2020

Weakness Type

What is an Information Disclosure Vulnerability?

Products Associated with CVE-2020-8284

Exploit Probability

CVE-2020-8284 vulnerability in Haxx and Other Products
Published on December 14, 2020