Search for vulnerabilities
Vulnerability details: VCID-w4x7-57vc-7yh7
Vulnerability ID VCID-w4x7-57vc-7yh7
Aliases CVE-2024-8096
Summary When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-295 Improper Certificate Validation
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00353 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
cvssv3.1 Medium https://curl.se/docs/CVE-2024-8096.html
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json
https://api.first.org/data/v1/epss?cve=CVE-2024-8096
https://curl.se/docs/CVE-2024-8096.html
https://curl.se/docs/CVE-2024-8096.json
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2669852
https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html
https://security.netapp.com/advisory/ntap-20241011-0005/
http://www.openwall.com/lists/oss-security/2024/09/11/1
2310519 https://bugzilla.redhat.com/show_bug.cgi?id=2310519
CVE-2024-8096 https://nvd.nist.gov/vuln/detail/CVE-2024-8096
USN-7012-1 https://usn.ubuntu.com/7012-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.16666
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-17T19:12:32.088011+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-8096 34.0.1