Lucene search

PRIOn knowledge basePRION:CVE-2007-3564

HistoryJul 18, 2007 - 5:30 p.m.

Design/Logic Flaw

2007-07-1817:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.3%

JSON

libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

CPENameOperatorVersion
libcurleq7.15.3
libcurleq7.15.2
libcurleq7.14
libcurleq7.14.1
libcurleq7.15.1
libcurleq7.15
libcurleq7.16.3

Name	Operator	Version
libcurl	eq	7.15.3
libcurl	eq	7.15.2
libcurl	eq	7.14
libcurl	eq	7.14.1
libcurl	eq	7.15.1
libcurl	eq	7.15
libcurl	eq	7.16.3

References

secunia.com/advisories/26104

secunia.com/advisories/26108

secunia.com/advisories/26128

secunia.com/advisories/26231

www.curl.haxx.se/docs/adv_20070710.html

www.debian.org/security/2007/dsa-1333

www.securityfocus.com/bid/24938

www.trustix.org/errata/2007/0023/

www.ubuntu.com/usn/usn-484-1

www.vupen.com/english/advisories/2007/2551

exchange.xforce.ibmcloud.com/vulnerabilities/35479

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.3%

JSON

Related for PRION:CVE-2007-3564