Описание
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-5419
- https://access.redhat.com/errata/RHSA-2018:3558
- https://curl.haxx.se/docs/adv_20160803A.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR
- https://security.gentoo.org/glsa/201701-47
- https://source.android.com/security/bulletin/2016-12-01.html
- https://www.tenable.com/security/tns-2016-18
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
- http://rhn.redhat.com/errata/RHSA-2016-2575.html
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://www.debian.org/security/2016/dsa-3638
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/92292
- http://www.securityfocus.com/bid/92319
- http://www.securitytracker.com/id/1036538
- http://www.securitytracker.com/id/1038341
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059
- http://www.ubuntu.com/usn/USN-3048-1
Связанные уязвимости
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
curl and libcurl before 7.50.1 do not prevent TLS session resumption w ...
