
20 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2016-7141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of...

CVSS 7.5 | AI score 6.4 | EPSS 0.08404
Exploits 0 | References 2

Tenable Nessus
added 2024/04/27 12:0 a.m. | 35 views

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

CVSS 10 | AI score 7 | EPSS 0.86006
Exploits 0 | References 89

IBM Security Bulletins
added 2023/12/07 10:31 p.m. | 34 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in cURL/libcURL (CVE-2016-7141)

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerability in cURL/libcURL. Vulnerability Details CVEID: CVE-2016-7141 DESCRIPTION: cURL/libcURL client certificates could allow a remote attacker to bypass security restrictions, caused by an implementation error of...

CVSS 7.5 | AI score 1.2 | EPSS 0.08404
Exploits 0 | Affected Software 3

OpenVAS
added 2021/06/09 12:0 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2016:2449-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.1 | EPSS 0.15063
Exploits 0 | References 6

OpenVAS
added 2020/01/23 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2016-1074)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.5 | EPSS 0.15063
Exploits 0 | References 2

RedhatCVE
added 2019/10/08 10:52 a.m. | 29 views

CVE-2016-7141

It was found that the libcurl library using the NSS Network Security Services library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveragin...

CVSS 5 | AI score 2.7 | EPSS 0.08404
Exploits 0 | References 2

RedHat Linux
added 2018/11/13 8:36 a.m. | 508 views

Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update

An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 10 | AI score 7 | EPSS 0.86006
Exploits 0 | References 49

Debian
added 2018/11/06 9:1 p.m. | 628 views

[SECURITY] [DLA 1568-1] curl security update

Package : curl Version : 7.38.0-4+deb8u13 CVE ID : CVE-2016-7141 CVE-2016-7167 CVE-2016-9586 CVE-2018-16839 CVE-2018-16842 Debian Bug : 848958 837945 836918 Several vulnerabilities were discovered in cURL, an URL transfer library. CVE-2016-7141 When built with NSS and the libnsspem.so library is...

CVSS 9.8 | AI score 9.7 | EPSS 0.14596
Exploits 0

IBM Security Bulletins
added 2018/07/30 10:29 p.m. | 32 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in cURL (CVE-2016-7141 CVE-2018-1000007)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in cURL. Vulnerability Details CVEID: CVE-2018-1000007 DESCRIPTION: cURL liburl could allow a remote attacker to obtain sensitive information, caused by a flaw when passing on custom Authorization:...

CVSS 9.8 | AI score 1.4 | EPSS 0.08404
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:34 a.m. | 43 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

Summary Multiple security vulnerabilities have been identified in cURL/libcURL that is embedded in IBM FSM. This bulletin addresses these issues. Vulnerability Details CVEID: CVE-2016-5419 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failu...

CVSS 7.5 | AI score 1 | EPSS 0.15063
Exploits 0 | Affected Software 1

OpenVAS
added 2016/11/04 12:0 a.m. | 36 views

RedHat Update for curl RHSA-2016:2575-02

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.5 | EPSS 0.15063
Exploits 0 | References 2

OpenVAS
added 2016/11/04 12:0 a.m. | 46 views

Ubuntu: Security Advisory (USN-3123-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.4 | EPSS 0.11737
Exploits 0 | References 2

OSV
added 2016/10/03 9:59 p.m. | 12 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

CVSS 7.5 | AI score 7.8 | EPSS 0.08404
Exploits 0 | References 12

Cvelist
added 2016/10/03 9:0 p.m. | 30 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

AI score 7.9 | EPSS 0.08404
Exploits 0 | References 12

CVE
added 2016/10/03 9:0 p.m. | 198 views

CVE-2016-7141

CVE-2016-7141 affects curl/libcurl up to version 7.50.1 (before 7.50.2) when built with NSS and the libnsspem.so runtime library is available. The root issue is TLS client certificate reuse: a previously loaded client certificate from file could be reused for a new TLS connection that has no cert...

CVSS 7.5 | AI score 7.2 | EPSS 0.08404
Exploits 0 | References 12 | Affected Software 1

Debian CVE
added 2016/10/03 9:0 p.m. | 33 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

CVSS 7.5 | AI score 8.1 | EPSS 0.08404
Exploits 0

AlpineLinux
added 2016/10/03 9:0 p.m. | 45 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

CVSS 7.5 | AI score 8.1 | EPSS 0.08404
Exploits 0

UbuntuCve
added 2016/10/03 12:0 a.m. | 28 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

CVSS 7.5 | AI score 6.7 | EPSS 0.08404
Exploits 0 | References 4

Tenable Nessus
added 2016/09/26 12:0 a.m. | 25 views

openSUSE Security Update : curl (openSUSE-2016-1124)

This update for curl fixes the following issues : Security issues fixed : - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-5421: use of connection struct after free bsc991391 - CVE-2016-7141: Fix...

CVSS 8.1 | AI score 6.4 | EPSS 0.15063
Exploits 0 | References 9

Debian
added 2016/09/09 11:48 a.m. | 31 views

[SECURITY] [DLA 616-1] curl security update

Package : curl Version : 7.26.0-1+wheezy15 CVE ID : CVE-2016-7141 Debian Bug : 836918 It was discovered that libcurl built on top of NSS Network Security Services incorrectly re-used client certificates if a certificate from file was used for one TLS connection but no certificate set for a...

CVSS 7.5 | AI score 7.2 | EPSS 0.08404
Exploits 0