curl: curl "globbing" can lead to denial of service attacks
News category: Vulnerabilities
Source: vulners.com
Summary:
The curl "globbing" allows too much scope, which can cause the server to be denied service or used to attack third-party websites. The globbing allows [1-9999999999999999999] to be parsed in the URL. So when curl requests 'http://127.0.0.1/[1-9999999999999999999]', this can cause 300 requests on the server.

Steps To Reproduce:
Listen on port 8000: python -m SimpleHTTPServer 8000
Command: nohup ./curl -vv 'http://127.0.0.1:8000/[1-9999999999999999999]/' &
Check the server resource process. There are a lot of network requests and CPU consumption.

Impact
With this function, the resources of the server running curl request can be excessively consumed or a large number of URL accesses to other websites can be initiated, resulting in denial of... ...
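A pre-flight check for the behaviour reported above, as an added example that is not part of the original report or of curl: it estimates how many requests a URL glob pattern would expand to, so a service that passes untrusted URLs to curl can reject oversized ranges, and it adds curl's `--globoff` option when no expansion is expected. The regular expressions are a simplified approximation of curl's glob syntax, and the function names and the default limit are assumptions.

```python
import re

# Simplified approximation of curl URL globbing (constructed for this example):
#   [N-M], [N-M:step], [a-z], [a-z:step] ranges and {a,b,c} sets.
_RANGE = re.compile(
    r"\[(\d+)-(\d+)(?::(\d+))?\]|\[([A-Za-z])-([A-Za-z])(?::(\d+))?\]"
)
_SET = re.compile(r"\{([^{}]*)\}")


def glob_expansion_count(url):
    """Return how many URLs the pattern would expand to (1 if it has no glob)."""
    total = 1
    for m in _RANGE.finditer(url):
        if m.group(1) is not None:  # numeric range
            lo, hi = int(m.group(1)), int(m.group(2))
            step = int(m.group(3) or 1)
        else:  # alphabetic range
            lo, hi = ord(m.group(4)), ord(m.group(5))
            step = int(m.group(6) or 1)
        if step < 1 or hi < lo:
            raise ValueError("malformed range: " + m.group(0))
        total *= (hi - lo) // step + 1
    for m in _SET.finditer(url):
        total *= len(m.group(1).split(","))
    return total


def curl_argv_for_untrusted(url, max_urls=16):
    """Build a curl argument list, refusing patterns that expand past max_urls."""
    count = glob_expansion_count(url)
    if count > max_urls:
        raise ValueError(
            "URL expands to %d requests (limit %d)" % (count, max_urls)
        )
    # When a single URL is expected, disable globbing so [] and {} stay literal.
    flags = ["--globoff"] if count == 1 else []
    return ["curl"] + flags + ["--url", url]


if __name__ == "__main__":
    reported = "http://127.0.0.1:8000/[1-9999999999999999999]/"  # URL from the report
    print(glob_expansion_count(reported))
    try:
        curl_argv_for_untrusted(reported)
    except ValueError as err:
        print("rejected:", err)
```

Brackets that do not match the range syntax, such as an IPv6 literal host, count as one URL here.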