Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2016-5420
Description:curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Test IDs: 1.3.6.1.4.1.25623.1.0.703638   1.3.6.1.4.1.25623.1.0.120731   1.3.6.1.4.1.25623.1.1.4.2017.2699.1   1.3.6.1.4.1.25623.1.1.4.2017.2700.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-5420
BugTraq ID: 92309
http://www.securityfocus.com/bid/92309
Debian Security Information: DSA-3638 (Google Search)
http://www.debian.org/security/2016/dsa-3638
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/
https://security.gentoo.org/glsa/201701-47
https://curl.haxx.se/docs/adv_20160803B.html
RedHat Security Advisories: RHSA-2016:2575
http://rhn.redhat.com/errata/RHSA-2016-2575.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RedHat Security Advisories: RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2018:3558
http://www.securitytracker.com/id/1036537
http://www.securitytracker.com/id/1036739
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059
SuSE Security Announcement: openSUSE-SU-2016:2227 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html
SuSE Security Announcement: openSUSE-SU-2016:2379 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
http://www.ubuntu.com/usn/USN-3048-1




© 1998-2024 E-Soft Inc. All rights reserved.