7.5

CVE-2007-3564

libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibcurlLibcurl Version7.14
LibcurlLibcurl Version7.14.1
LibcurlLibcurl Version7.15
LibcurlLibcurl Version7.15.1
LibcurlLibcurl Version7.15.2
LibcurlLibcurl Version7.15.3
LibcurlLibcurl Version7.16.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.81
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/26231
http://www.trustix.org/errata/2007/0023/
http://secunia.com/advisories/26104
Patch
Vendor Advisory
http://secunia.com/advisories/26108
Patch
Vendor Advisory
http://secunia.com/advisories/26128
http://www.curl.haxx.se/docs/adv_20070710.html
Patch
Vendor Advisory
http://www.debian.org/security/2007/dsa-1333
http://www.securityfocus.com/bid/24938
http://www.ubuntu.com/usn/usn-484-1
Patch
http://www.vupen.com/english/advisories/2007/2551
https://exchange.xforce.ibmcloud.com/vulnerabilities/35479