CVE-2016-5419

EPSS 2.13%
Veröffentlicht 10.08.2016 14:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haxx ≫ Libcurl Version <= 7.50.0

Debian ≫ Debian Linux Version8.0

Opensuse ≫ Leap Version42.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.13%	0.835

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

https://source.android.com/security/bulletin/2016-12-01.html

https://security.gentoo.org/glsa/201701-47

https://www.tenable.com/security/tns-2016-18

http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html

http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2575.html

http://www.debian.org/security/2016/dsa-3638

Third Party Advisory

http://www.securityfocus.com/bid/92292

http://www.securityfocus.com/bid/92319

http://www.securitytracker.com/id/1036538

http://www.securitytracker.com/id/1038341

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059

http://www.ubuntu.com/usn/USN-3048-1

https://access.redhat.com/errata/RHSA-2018:3558

https://curl.haxx.se/docs/adv_20160803A.html

Patch

Vendor Advisory

Mitigation

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/

https://nvd.nist.gov/vuln/detail/CVE-2016-5419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5419

EUVD