CVE-2016-7141

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

References

http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

http://rhn.redhat.com/errata/RHSA-2016-2575.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/92754

http://www.securitytracker.com/id/1036739

https://access.redhat.com/errata/RHSA-2018:3558

https://bugzilla.redhat.com/show_bug.cgi?id=1373229

https://curl.haxx.se/docs/adv_20160907.html

https://github.com/curl/curl/commit/curl-7_50_2~32

https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html

https://security.gentoo.org/glsa/201701-47

Details

Source: MITRE

Published: 2016-10-03

Updated: 2018-11-13

Type: CWE-287

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* versions up to 7.50.1 (inclusive)

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
125002EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)NessusHuawei Local Security Checks
critical
118753Debian DLA-1568-1 : curl security updateNessusDebian Local Security Checks
critical
106435SUSE SLES11 Security Update : curl (SUSE-SU-2018:0230-1)NessusSuSE Local Security Checks
critical
99834EulerOS 2.0 SP1 : curl (EulerOS-SA-2016-1074)NessusHuawei Local Security Checks
high
96644GLSA-201701-47 : cURL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
95917macOS 10.12.x < 10.12.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
95835Scientific Linux Security Update : curl on SL7.x x86_64 (20161103)NessusScientific Linux Local Security Checks
high
95322CentOS 7 : curl (CESA-2016:2575)NessusCentOS Local Security Checks
high
94698Oracle Linux 7 : curl (ELSA-2016-2575)NessusOracle Linux Local Security Checks
high
94574Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : curl vulnerabilities (USN-3123-1)NessusUbuntu Local Security Checks
critical
94538RHEL 7 : curl (RHSA-2016:2575)NessusRed Hat Local Security Checks
high
93862SUSE SLES11 Security Update : curl (SUSE-SU-2016:2449-1)NessusSuSE Local Security Checks
high
93743Amazon Linux AMI : curl (ALAS-2016-742)NessusAmazon Linux Local Security Checks
critical
93708openSUSE Security Update : curl (openSUSE-2016-1124)NessusSuSE Local Security Checks
high
93591SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2016:2330-1)NessusSuSE Local Security Checks
high
93414Debian DLA-616-1 : curl security updateNessusDebian Local Security Checks
high