4.3

CVE-2011-2192

EPSS 1.51%
Published 07.07.2011 21:55:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Haxx ≫ Libcurl Version >= 7.10.6 <= 7.21.6

Apple ≫ macOS X Version < 10.7.3

Fedoraproject ≫ Fedora Version14

Fedoraproject ≫ Fedora Version15

Debian ≫ Debian Linux Version5.0

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version10.10

Canonical ≫ Ubuntu Linux Version11.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.51%	0.794

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://secunia.com/advisories/45047

Third Party Advisory

http://www.ubuntu.com/usn/USN-1158-1

Third Party Advisory

http://secunia.com/advisories/48256

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201203-02.xml

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT5130

Third Party Advisory

http://curl.haxx.se/curl-gssapi-delegation.patch

Broken Link

http://curl.haxx.se/docs/adv_20110623.html

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/45067

Third Party Advisory

http://secunia.com/advisories/45088

Third Party Advisory

http://secunia.com/advisories/45144

Third Party Advisory

http://secunia.com/advisories/45181

Third Party Advisory

http://www.debian.org/security/2011/dsa-2271

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:116

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-0918.html

Third Party Advisory

http://www.securitytracker.com/id?1025713

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=711454

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2011-2192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2192

EUVD