Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-8616

Опубликовано: 02 нояб. 2016
Источник: redhat
CVSS3: 3.7
CVSS2: 2.6

Описание

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 1.0 on Red Hat Enterprise Linuxrh-dotnetcore10-curlOut of support scope
.NET Core 1.1 on Red Hat Enterprise Linuxrh-dotnetcore11-curlOut of support scope
.NET Core 2.0 on Red Hat Enterprise Linuxrh-dotnet20-curlOut of support scope
Red Hat Enterprise Linux 5curlWill not fix
Red Hat Enterprise Linux 6curlWill not fix
Red Hat Enterprise Linux 7curlWill not fix
Red Hat Enterprise Virtualization 3mingw-virt-viewerWill not fix
Red Hat JBoss Enterprise Web Server 3curlFix deferred
Red Hat Software Collections for Red Hat Enterprise Linux 6httpd24-curlFixedRHSA-2018:355813.11.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6httpd24-httpdFixedRHSA-2018:355813.11.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1388371curl: Case insensitive password comparison

3.7 Low

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-8616

CVSS3: 3.7
ubuntu
почти 7 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

nvd логотип

CVE-2016-8616

CVSS3: 3.7
nvd
почти 7 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

debian логотип

CVE-2016-8616

CVSS3: 3.7
debian
почти 7 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connect ...

github логотип

GHSA-22qv-x7vv-h86h

CVSS3: 5.9
github
около 3 лет назад

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

suse-cvrf логотип

openSUSE-SU-2016:2768-1

suse-cvrf
больше 8 лет назад

Security update for curl

3.7 Low

CVSS3

2.6 Low

CVSS2