7 matches found
Security Bulletin: Aspera Web Applications (Faspex, Console) and On Demand products are affected by OpenSSL Vulnerability (CVE-2017-7468)
Summary Aspera Web Applications Faspex, Console and On Demand products have addressed the following OpenSSL vulnerability. Vulnerability Details CVEID:CVE-2017-7468 DESCRIPTION: No CVE description. CVSS Base Score: 3.1 CVSS Temporal Score: See Not Applicable for the current score CVSS Environment...
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which...
CVE-2017-7468
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which...
Fedora 26 : curl (2017-3eec07cb06)
fix switching off SSL session id when client cert is used CVE-2017-7468 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
[ASA-201704-12] curl: certificate verification bypass
Arch Linux Security Advisory ASA-201704-12 ========================================== Severity: Medium Date : 2017-04-29 CVE-ID : CVE-2017-7468 Package : curl Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-241 Summary ======= The package curl before...
Ubuntu: Security Advisory (USN-3262-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CURL-CVE-2017-7468 TLS session resumption client cert bypass (again)
libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate or no...