4.3
CVE-2011-2192
- EPSS 2.99%
- Veröffentlicht 07.07.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:30:53
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version14
Fedoraproject ≫ Fedora Version15
Debian ≫ Debian Linux Version5.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version10.10
Canonical ≫ Ubuntu Linux Version11.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.99% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://secunia.com/advisories/45047
http://www.ubuntu.com/usn/USN-1158-1
http://secunia.com/advisories/48256
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130
http://curl.haxx.se/curl-gssapi-delegation.patch
http://curl.haxx.se/docs/adv_20110623.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
http://secunia.com/advisories/45067
http://secunia.com/advisories/45088
http://secunia.com/advisories/45144
http://secunia.com/advisories/45181
http://www.debian.org/security/2011/dsa-2271
http://www.mandriva.com/security/advisories?name=MDVSA-2011:116
http://www.redhat.com/support/errata/RHSA-2011-0918.html
http://www.securitytracker.com/id?1025713
https://bugzilla.redhat.com/show_bug.cgi?id=711454