4.3

CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxLibcurl Version >= 7.10.6 <= 7.21.6
ApplemacOS X Version < 10.7.3
FedoraprojectFedora Version14
FedoraprojectFedora Version15
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.99% 0.856
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/45047
Third Party Advisory
http://www.ubuntu.com/usn/USN-1158-1
Third Party Advisory
http://secunia.com/advisories/48256
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201203-02.xml
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT5130
Third Party Advisory
http://curl.haxx.se/curl-gssapi-delegation.patch
Broken Link
http://curl.haxx.se/docs/adv_20110623.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/45067
Third Party Advisory
http://secunia.com/advisories/45088
Third Party Advisory
http://secunia.com/advisories/45144
Third Party Advisory
http://secunia.com/advisories/45181
Third Party Advisory
http://www.debian.org/security/2011/dsa-2271
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:116
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0918.html
Third Party Advisory
http://www.securitytracker.com/id?1025713
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=711454
Third Party Advisory
Issue Tracking