7.5

CVE-2016-5420

EPSS 1.09%
Veröffentlicht 10.08.2016 14:59:05
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 21

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version8.0

Haxx ≫ Libcurl Version <= 7.50.0

Opensuse ≫ Leap Version42.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.09%	0.776

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

https://source.android.com/security/bulletin/2016-12-01.html

https://security.gentoo.org/glsa/201701-47

https://www.tenable.com/security/tns-2016-18

http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html

http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2575.html

http://www.debian.org/security/2016/dsa-3638

Third Party Advisory

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059

http://www.ubuntu.com/usn/USN-3048-1

https://access.redhat.com/errata/RHSA-2018:3558

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/

http://www.securityfocus.com/bid/92309

http://www.securitytracker.com/id/1036537

http://www.securitytracker.com/id/1036739

https://curl.haxx.se/docs/adv_20160803B.html

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2016-5420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5420

EUVD