Lucene search
K

30 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.104 views

K35453761: cURL and libcurl vulnerability CVE-2017-2628

Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RH...

9.8CVSS7.9AI score0.0401EPSS
Exploits0Affected Software19
Rockylinux
Rockylinux
added 2022/05/17 7:15 a.m.15 views

new packages: perl-HTTP-Negotiate

An update is available for perl-HTTP-Negotiate. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...

2.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/02/19 12:0 a.m.39 views

F5 Networks BIG-IP : cURL and libcurl vulnerability (K35453761)

cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6...

9.8CVSS7.1AI score0.17942EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 8:56 a.m.19 views

Authentication Bypass

elinks is vulnerable to authentication bypass attacks. The vulnerability exists as the httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which...

5.1CVSS6.3AI score0.0191EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2018/03/12 3:29 p.m.23 views

Code injection

curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl...

7.5CVSS9.2AI score0.17942EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2017/04/07 12:0 a.m.35 views

RedHat Update for curl RHSA-2017:0847-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.17942EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/03/29 6:32 a.m.60 views

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8CVSS6.6AI score0.17942EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/03/29 6:32 a.m.5 views

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server...

9.8CVSS6.8AI score0.17942EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/01/03 1:0 a.m.13 views

CVE-2012-4545

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

6.2AI score0.0191EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2013/01/03 1:0 a.m.14 views

CVE-2012-4545

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

5.1CVSS5.7AI score0.0191EPSS
Exploits0
Rows per page
Query Builder