It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

References

bugzilla.redhat.com/show_bug.cgi?id=1362190

curl.haxx.se/docs/adv_20160803B.html

debiancve 2

prion 2

osv 3

broadcom 1

alpinelinux 2

veracode 1

ubuntucve 2

cve 2

nessus 25

openvas 19

ibm 5

debian 3

fedora 2

ubuntu 1

freebsd 1

mageia 1

kaspersky 1

oraclelinux 1

centos 1

archlinux 1

redhat 3

cloudfoundry 1

slackware 1

amazon 2

suse 3

gentoo 1

photon 2

apple 2

androidsecurity 1

oracle 2

debiancve

CVE-2016-5420

2016-08-10 14:59:00

CVE-2016-7141

2016-10-03 21:59:00

prion

Authentication flaw

2016-08-10 14:59:00

Authentication flaw

2016-10-03 21:59:00

osv

CVE-2016-5420

2016-08-10 14:59:00

curl - security update

2016-08-04 00:00:00

curl - security update

2016-08-03 00:00:00

broadcom

BSA-2017-216

2017-03-31 00:00:00

alpinelinux

CVE-2016-5420

2016-08-10 14:59:00

CVE-2016-7141

2016-10-03 21:59:00

veracode

Session Hijacking

2019-05-02 05:51:10

ubuntucve

CVE-2016-5420

2016-08-03 00:00:00

CVE-2016-7141

2016-10-03 00:00:00

cve

CVE-2016-5420

2016-08-10 14:59:00

CVE-2016-7141

2016-10-03 21:59:00

nessus

Debian DLA-586-1 : curl security update

2016-08-05 00:00:00

Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3048-1)

2016-08-09 00:00:00

RHEL 7 : curl (RHSA-2016:2575)

2016-11-04 00:00:00

openvas

Debian: Security Advisory (DLA-586-1)

2023-03-08 00:00:00

Debian Security Advisory DSA 3638-1 (curl - security update)

2016-08-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:2449-1)

2021-06-09 00:00:00

ibm

Security Bulletin: Vulnerabilities in cURL/libcURL affect IBM Flex System Chassis Management Module

2019-01-31 02:25:02

Security Bulletin: Vulnerabilities in cURL/libcURL affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware

2023-12-07 22:31:02

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

2018-06-18 01:34:51

debian

[SECURITY] [DLA 586-1] curl security update

2016-08-04 17:47:12

[SECURITY] [DSA 3638-1] curl security update

2016-08-03 12:53:27

[SECURITY] [DLA 1568-1] curl security update

2018-11-06 21:01:10

fedora

[SECURITY] Fedora 24 Update: curl-7.47.1-6.fc24

2016-08-05 20:56:11

[SECURITY] Fedora 23 Update: curl-7.43.0-8.fc23

2016-08-16 22:24:26

ubuntu

curl vulnerabilities

2016-08-08 00:00:00

freebsd

Vulnerabilities in Curl

2016-08-03 00:00:00

mageia

Updated curl packages fix security vulnerability

2016-08-31 18:32:33

kaspersky

KLA10859 Security bypass vulnerabilities in cURL

2016-08-03 00:00:00

oraclelinux

curl security, bug fix, and enhancement update

2016-11-09 00:00:00

centos

curl, libcurl security update

2016-11-25 15:56:44

archlinux

curl: multiple issues

2016-08-08 00:00:00

redhat

(RHSA-2016:2575) Moderate: curl security, bug fix, and enhancement update

2016-11-03 06:07:14

(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update

2018-11-13 08:00:33

(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release

2016-12-15 22:02:12

cloudfoundry

USN-3048-1 curl vulnerability | Cloud Foundry

2016-08-25 00:00:00

slackware

[slackware-security] curl

2016-08-06 21:10:00

amazon

Low: curl

2016-09-27 10:30:00

Medium: curl

2016-08-17 13:30:00

suse

Security update for curl (important)

2016-11-02 16:09:54

Security update for SLES 12 Docker image (important)

2017-10-11 03:06:53

Security update for SLES 12-SP1 Docker image (important)

2017-10-11 03:07:32

gentoo

cURL: Multiple vulnerabilities

2017-01-19 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-4.0-0420

2023-07-05 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0603

2023-06-26 00:00:00

apple

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support

2020-07-27 08:14:17

About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite

2016-12-13 00:00:00

androidsecurity

Android Security Bulletin—December 2016

2016-12-05 00:00:00

oracle

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for RH:CVE-2016-5420