CVE-2022-30115 — Vulnetix

CVE-2022-30115 PUBLISHED

EPSS 0.11% · 28.7th percentile

Risk Scores

EPSS Score

0.11%

28.7th percentile

Affected Products

Vendor	Product	Versions
Amazon	curl

Exploit Intelligence

HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115 (hackerone)
HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115 (hackerone)
HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115 (hackerone)
Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match (hackerone)
Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match (hackerone)
Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match (hackerone)
https://hackerone.com/reports/1557449 (nist-nvd)
CVE-2022-30115: HSTS bypass via trailing dot (hackerone)
CVE-2022-30115: HSTS bypass via trailing dot (hackerone)
CVE-2022-30115: HSTS bypass via trailing dot (hackerone)

…and 18 more exploits

Timeline

CVE Published
May 11, 2022 PoC Published
Jun 2, 2022 EPSS Score
Jun 11, 2022 PoC Published
Jul 22, 2022 EPSS Score
Sep 8, 2022 EPSS Score
Oct 27, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 1, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 21, 2023 EPSS Score
May 9, 2023 EPSS Score

References

ALAS2023-2023-083: curl (medium) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›