4.3

CVE-2011-2192

EPSS 2.05%
Veröffentlicht 07.07.2011 21:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haxx ≫ Libcurl Version >= 7.10.6 <= 7.21.6

Apple ≫ macOS X Version < 10.7.3

Fedoraproject ≫ Fedora Version14

Fedoraproject ≫ Fedora Version15

Debian ≫ Debian Linux Version5.0

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version10.10

Canonical ≫ Ubuntu Linux Version11.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.05%	0.833

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/45047

Third Party Advisory

http://www.ubuntu.com/usn/USN-1158-1

Third Party Advisory

http://secunia.com/advisories/48256

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201203-02.xml

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT5130

Third Party Advisory

http://curl.haxx.se/curl-gssapi-delegation.patch

Broken Link

http://curl.haxx.se/docs/adv_20110623.html

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/45067

Third Party Advisory

http://secunia.com/advisories/45088

Third Party Advisory

http://secunia.com/advisories/45144

Third Party Advisory

http://secunia.com/advisories/45181

Third Party Advisory

http://www.debian.org/security/2011/dsa-2271

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:116

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-0918.html

Third Party Advisory

http://www.securitytracker.com/id?1025713

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=711454

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2011-2192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2192

EUVD