Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-2192

Опубликовано: 07 июл. 2011
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
Версия от 7.10.6 (включая) до 7.21.6 (включая)
Конфигурация 2
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия до 10.7.3 (исключая)
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.0151
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

ubuntu логотип

CVE-2011-2192

ubuntu
почти 14 лет назад

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

redhat логотип

CVE-2011-2192

redhat
около 14 лет назад

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

debian логотип

CVE-2011-2192

debian
почти 14 лет назад

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10. ...

github логотип

GHSA-2jvc-33pv-cq2m

github
около 3 лет назад

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

oracle-oval логотип

ELSA-2011-0918

oracle-oval
почти 14 лет назад

ELSA-2011-0918: curl security update (MODERATE)

EPSS

Процентиль: 80%
0.0151
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-255