Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5420

Опубликовано: 03 авг. 2016
Источник: redhat
CVSS3: 4.2
CVSS2: 4.9
EPSS Низкий

Описание

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 1.0 on Red Hat Enterprise Linuxrh-dotnetcore10-curlOut of support scope
.NET Core 1.1 on Red Hat Enterprise Linuxrh-dotnetcore11-curlOut of support scope
.NET Core 2.0 on Red Hat Enterprise Linuxrh-dotnet20-curlOut of support scope
.NET Core 2.1 on Red Hat Enterprise Linuxrh-dotnet21-curlWill not fix
Red Hat Enterprise Linux 5curlWill not fix
Red Hat Enterprise Linux 6curlWill not fix
Red Hat Enterprise Virtualization 3mingw-virt-viewerWill not fix
Red Hat JBoss Enterprise Web Server 3curlAffected
Red Hat Enterprise Linux 7curlFixedRHSA-2016:257503.11.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6httpd24-curlFixedRHSA-2018:355813.11.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1362190curl: Re-using connection with wrong client cert

EPSS

Процентиль: 77%
0.011
Низкий

4.2 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5420

CVSS3: 7.5
ubuntu
около 9 лет назад

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

nvd логотип

CVE-2016-5420

CVSS3: 7.5
nvd
около 9 лет назад

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

debian логотип

CVE-2016-5420

CVSS3: 7.5
debian
около 9 лет назад

curl and libcurl before 7.50.1 do not check the client certificate whe ...

github логотип

GHSA-qpjh-642g-hgh8

CVSS3: 7.5
github
больше 3 лет назад

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

suse-cvrf логотип

SUSE-SU-2016:2449-1

suse-cvrf
почти 9 лет назад

Security update for curl

EPSS

Процентиль: 77%
0.011
Низкий

4.2 Medium

CVSS3

4.9 Medium

CVSS2