Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-8616

Опубликовано: 01 авг. 2018
Источник: nvd
CVSS3: 3.7
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия до 7.51.0 (исключая)

EPSS

Процентиль: 87%
0.03604
Низкий

3.7 Low

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-592
CWE-255

Связанные уязвимости

ubuntu логотип

CVE-2016-8616

CVSS3: 3.7
ubuntu
почти 7 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

redhat логотип

CVE-2016-8616

CVSS3: 3.7
redhat
больше 8 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

debian логотип

CVE-2016-8616

CVSS3: 3.7
debian
почти 7 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connect ...

github логотип

GHSA-22qv-x7vv-h86h

CVSS3: 5.9
github
около 3 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

suse-cvrf логотип

openSUSE-SU-2016:2768-1

suse-cvrf
больше 8 лет назад

Security update for curl

EPSS

Процентиль: 87%
0.03604
Низкий

3.7 Low

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-592
CWE-255