CVE-2016-5419

Опубликовано: 10 авг. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Версия до 7.50.0 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02128

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

CVE-2016-5419

CVSS3: 7.5

ubuntu

около 9 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

CVE-2016-5419

CVSS3: 4.8

redhat

около 9 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

CVE-2016-5419

CVSS3: 7.5

debian

около 9 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption w ...

GHSA-j5mq-cppw-g9w7

CVSS3: 7.5

github

больше 3 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

SUSE-SU-2016:2449-1

suse-cvrf

почти 9 лет назад

Security update for curl

EPSS

Процентиль: 83%

0.02128

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-310