CVE Tools
Sign in

CVE-2024-2004

Usage of disabled protocol

Published: Mar 27, 2024Updated: Jul 30, 2025 Sources: CVE List NVD BDU csafCWE-436
NVD MITRE
3.5CVSSLOW
EPSS Score
1.7%
Top 26.1%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.

CVSS Vector Breakdown

AV:NAC:LPR:LUI:RS:UC:LI:NA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:RUser Interaction
Required
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:NIntegrity
None
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-436

Affected Products

curlhaxxOSS Libraries
fedorafedoraproject
On-premOS
Operating Systems / linux-distro
macosapple
On-premOS
Operating Systems / unix-bsd
ontapnetappHardware Firmware
ontap select deploy administration utilitynetappHardware Firmware
haxxoss-projectSEOSS Librariesaka haxx.se
fedoraprojectoss-projectUSOperating Systemsaka fedora project
applecommercialUSMobile Appsaka apple inc., apple computer
netappcommercialUSHardware Firmware
and 11 more affected products View all →

Exploitability

Official Patch Available

References

http://seclists.org/fulldisclosure/2024/Jul/18
seclists.org
http://seclists.org/fulldisclosure/2024/Jul/19
seclists.org
http://seclists.org/fulldisclosure/2024/Jul/20
seclists.org
and 25 more references View all →

Timeline

Published
Mar 27, 2024
Last Updated
Jul 30, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-2004 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows