7.5

CVE-2016-7141

EPSS 0.42%
Veröffentlicht 03.10.2016 21:59:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Leap Version42.1

Haxx ≫ Libcurl Version <= 7.50.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.613

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

https://security.gentoo.org/glsa/201701-47

http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2575.html

https://access.redhat.com/errata/RHSA-2018:3558

http://www.securitytracker.com/id/1036739

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/92754

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1373229

Issue Tracking

https://curl.haxx.se/docs/adv_20160907.html

Patch

Vendor Advisory

https://github.com/curl/curl/commit/curl-7_50_2~32

Patch

Issue Tracking

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://nvd.nist.gov/vuln/detail/CVE-2016-7141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-7141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-7141

EUVD