31 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-5419
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended...
RHEL 6 / 7 : httpd24 (RHSA-2018:3558)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...
Security Bulletin: Vulnerabilities in cURL/libcURL affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware
Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerabilities in cURL/libcURL. Vulnerability Details CVEID: CVE-2017-1000100 DESCRIPTION: cURL could allow a remote attacker to obtain sensitive information, caused by a TFTP URL...
Debian: Security Advisory (DLA-586-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware: Security Advisory (SSA:2016-219-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2449-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2016-1074)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
Summary Multiple security vulnerabilities have been identified in cURL/libcURL that is embedded in IBM FSM. This bulletin addresses these issues. Vulnerability Details CVEID: CVE-2016-5419 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failu...
FreeBSD : cURL -- TLS session resumption client cert bypass (again) (3e2e9b44-25ce-11e7-a175-939b30e0836d)
cURL security advisory : libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the...
cURL -- TLS session resumption client cert bypass (again)
cURL security advisory: libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the...
Security fix for the ALT Linux 8 package curl version 7.54.0-alt1
April 19, 2017 Anton Farygin 7.54.0-alt1 - new version with security fixes: CVE-2016-5419: TLS session resumption client cert bypass again...
Oracle Linux 7 : curl (ELSA-2016-2575)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2575 advisory. - fix incorrect use of a previously loaded certificate from file related to CVE-2016-5420 - acknowledge the --no-sessionid/CURLOPTSSLSESSIONIDCACHE...
cURL/libcurl 7.x < 7.50.1 Multiple Vulnerabilities
Binary data 9764.prm...
RedHat Update for curl RHSA-2016:2575-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : curl (openSUSE-2016-1124)
This update for curl fixes the following issues : Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fix...
CVE-2016-5419
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session...
CVE-2016-5419
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session...
CVE-2016-5419
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session...
CVE-2016-5419
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session...