CVE-2016-5419

Опубликовано: 10 авг. 2016

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Релиз	Статус	Примечание
devel	not-affected	7.50.1-1ubuntu1
esm-infra-legacy/trusty	released	7.35.0-1ubuntu2.8
esm-infra/xenial	released	7.47.0-1ubuntu2.1
precise	released	7.22.0-3ubuntu4.16
precise/esm	not-affected	7.22.0-3ubuntu4.16
trusty	released	7.35.0-1ubuntu2.8
trusty/esm	released	7.35.0-1ubuntu2.8
upstream	released	7.50.1-1
vivid/stable-phone-overlay	ignored	end of life
vivid/ubuntu-core	released	7.38.0-3ubuntu2.4

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%

0.0171

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2016-5419

CVSS3: 4.8

redhat

больше 9 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

CVE-2016-5419

CVSS3: 7.5

nvd

больше 9 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

CVE-2016-5419

CVSS3: 7.5

debian

больше 9 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption w ...

GHSA-j5mq-cppw-g9w7

CVSS3: 7.5

github

больше 3 лет назад

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

SUSE-SU-2016:2449-1

suse-cvrf

около 9 лет назад

Security update for curl

EPSS

Процентиль: 82%

0.0171

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2016-5419

Описание

Пакет curl

Ссылки на источники

Связанные уязвимости