curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

References

lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

rhn.redhat.com/errata/RHSA-2016-2575.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/92754

www.securitytracker.com/id/1036739

access.redhat.com/errata/RHSA-2018:3558

bugzilla.redhat.com/show_bug.cgi?id=1373229

curl.haxx.se/docs/adv_20160907.html

github.com/curl/curl/commit/curl-7_50_2~32

lists.debian.org/debian-lts-announce/2018/11/msg00005.html

security.gentoo.org/glsa/201701-47

alpinelinux 2

cve 2

prion 2

ubuntucve 2

debiancve 2

nvd 2

openvas 23

centos 1

nessus 32

oraclelinux 1

ibm 7

redhat 3

amazon 2

redhatcve 2

debian 4

osv 4

cvelist 1

veracode 2

broadcom 1

fedora 2

freebsd 1

ubuntu 2

kaspersky 1

mageia 1

archlinux 1

cloudfoundry 2

slackware 1

suse 3

gentoo 1

apple 2

photon 2

androidsecurity 1

oracle 2

alpinelinux

CVE-2016-7141

2016-10-03 21:59:08

CVE-2016-5420

2016-08-10 14:59:05

cve

CVE-2016-7141

2016-10-03 21:59:08

CVE-2016-5420

2016-08-10 14:59:05

prion

Authentication flaw

2016-10-03 21:59:00

Authentication flaw

2016-08-10 14:59:00

ubuntucve

CVE-2016-7141

2016-10-03 00:00:00

CVE-2016-5420

2016-08-03 00:00:00

debiancve

CVE-2016-7141

2016-10-03 21:59:08

CVE-2016-5420

2016-08-10 14:59:05

nvd

CVE-2016-7141

2016-10-03 21:59:08

CVE-2016-5420

2016-08-10 14:59:05

openvas

SUSE: Security Advisory (SUSE-SU-2016:2449-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2016-1074)

2020-01-23 00:00:00

RedHat Update for curl RHSA-2016:2575-02

2016-11-04 00:00:00

centos

curl, libcurl security update

2016-11-25 15:56:44

nessus

Scientific Linux Security Update : curl on SL7.x x86_64 (20161103)

2016-12-15 00:00:00

Oracle Linux 7 : curl (ELSA-2016-2575)

2016-11-11 00:00:00

RHEL 7 : curl (RHSA-2016:2575)

2016-11-04 00:00:00

oraclelinux

curl security, bug fix, and enhancement update

2016-11-09 00:00:00

ibm

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

2018-06-18 01:34:51

Security Bulletin: Vulnerabilities in cURL affect PowerKVM

2018-06-18 01:34:47

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in cURL/libcURL (CVE-2016-7141)

2023-12-07 22:31:03

redhat

(RHSA-2016:2575) Moderate: curl security, bug fix, and enhancement update

2016-11-03 06:07:14

(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update

2018-11-13 08:00:33

(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release

2016-12-15 22:02:12

amazon

Low: curl

2016-09-27 10:30:00

Medium: curl

2016-08-17 13:30:00

redhatcve

CVE-2016-7141

2019-10-08 10:52:46

CVE-2016-5420

2016-08-03 09:48:41

debian

[SECURITY] [DLA 616-1] curl security update

2016-09-09 11:48:43

[SECURITY] [DLA 1568-1] curl security update

2018-11-06 21:01:10

[SECURITY] [DLA 586-1] curl security update

2016-08-04 17:47:12

osv

CVE-2016-5420

2016-08-10 14:59:00

curl - security update

2016-08-04 00:00:00

curl - security update

2016-08-03 00:00:00

cvelist

CVE-2016-5420

2016-08-10 14:00:00

veracode

Session Hijacking

2019-05-02 05:51:10

Session Hijacking

2019-05-02 05:51:10

broadcom

BSA-2017-216

2017-03-31 00:00:00

fedora

[SECURITY] Fedora 24 Update: curl-7.47.1-6.fc24

2016-08-05 20:56:11

[SECURITY] Fedora 23 Update: curl-7.43.0-8.fc23

2016-08-16 22:24:26

freebsd

Vulnerabilities in Curl

2016-08-03 00:00:00

ubuntu

curl vulnerabilities

2016-08-08 00:00:00

curl vulnerabilities

2016-11-03 00:00:00

kaspersky

KLA10859 Security bypass vulnerabilities in cURL

2016-08-03 00:00:00

mageia

Updated curl packages fix security vulnerability

2016-08-31 18:32:33

archlinux

curl: multiple issues

2016-08-08 00:00:00

cloudfoundry

USN-3048-1 curl vulnerability | Cloud Foundry

2016-08-25 00:00:00

USN-3123-1: curl vulnerabilities | Cloud Foundry

2016-12-13 00:00:00

slackware

[slackware-security] curl

2016-08-06 21:10:00

suse

Security update for curl (important)

2016-11-02 16:09:54

Security update for SLES 12 Docker image (important)

2017-10-11 03:06:53

Security update for SLES 12-SP1 Docker image (important)

2017-10-11 03:07:32

gentoo

cURL: Multiple vulnerabilities

2017-01-19 00:00:00

apple

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite

2016-12-13 00:00:00

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support

2020-07-27 08:14:17

photon

Critical Photon OS Security Update - PHSA-2023-4.0-0420

2023-07-05 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0603

2023-06-26 00:00:00

androidsecurity

Android Security Bulletin—December 2016

2016-12-05 00:00:00

oracle

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVELIST:CVE-2016-7141