Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/08/14 10:57 p.m.34 views

Security Bulletin: Aspera Web Applications (Faspex, Console) and On Demand products are affected by OpenSSL Vulnerability (CVE-2017-7468)

Summary Aspera Web Applications Faspex, Console and On Demand products have addressed the following OpenSSL vulnerability. Vulnerability Details CVEID:CVE-2017-7468 DESCRIPTION: No CVE description. CVSS Base Score: 3.1 CVSS Temporal Score: See Not Applicable for the current score CVSS Environment...

7.5CVSS1.4AI score0.01862EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2018/07/16 1:0 p.m.30 views

CVE-2017-7468

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which...

7.5CVSS6.8AI score0.01862EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/07/16 1:0 p.m.64 views

CVE-2017-7468

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which...

7.5CVSS7.7AI score0.01862EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.40 views

Fedora 26 : curl (2017-3eec07cb06)

fix switching off SSL session id when client cert is used CVE-2017-7468 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

7.5CVSS6.4AI score0.01862EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2017/04/29 12:0 a.m.40 views

[ASA-201704-12] curl: certificate verification bypass

Arch Linux Security Advisory ASA-201704-12 ========================================== Severity: Medium Date : 2017-04-29 CVE-ID : CVE-2017-7468 Package : curl Type : certificate verification bypass Remote : Yes Link : https://security.archlinux.org/AVG-241 Summary ======= The package curl before...

7.5CVSS0.1AI score0.01862EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/04/24 12:0 a.m.41 views

Ubuntu: Security Advisory (USN-3262-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01862EPSS
Exploits0References2
OSV
OSV
added 2017/04/19 8:0 a.m.6 views

CURL-CVE-2017-7468 TLS session resumption client cert bypass (again)

libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate or no...

7.5CVSS7.5AI score0.01862EPSS
Exploits0
Rows per page
Query Builder