CVE-2017-7468

Severity: high

Description

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable, since a server is by specification allowed to skip the client certificate check on resume and may instead use the old identity that was established by the previous certificate (or by no certificate). libcurl supports by default the use of TLS session IDs/tickets to resume previous TLS sessions and speed up subsequent TLS handshakes. They are used when, for any reason, an existing TLS connection couldn't be kept alive, so that the next handshake is faster. This flaw is a regression and identical to CVE-2016-5419, reported on August 3rd, 2016, but affecting a different version range.

References

http://www.securityfocus.com/bid/97962

http://www.securitytracker.com/id/1038341

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468

https://curl.haxx.se/docs/adv_20170419.html

https://security.gentoo.org/glsa/201709-14

Details

Source: MITRE

Published: 2018-07-16

Updated: 2019-10-09

Type: CWE-295

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* versions from 7.52.0 to 7.53.1 (inclusive)

Tenable Plugins


ID     | Name                                                                                                                    | Product                 | Family                         | Severity
106504 | pfSense < 2.3.4 Multiple Vulnerabilities (SA-17_04)                                                                     | Nessus                  | Firewalls                      | critical
103282 | GLSA-201709-14 : cURL: Multiple vulnerabilities                                                                         | Nessus                  | Gentoo Local Security Checks   | high
700170 | Mac OS X 10.x < 10.12.6 Multiple Vulnerabilities                                                                        | Nessus Network Monitor  | Operating System Detection     | critical
101957 | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003)                                                  | Nessus                  | MacOS X Local Security Checks  | high
101616 | Fedora 26 : curl (2017-3eec07cb06)                                                                                      | Nessus                  | Fedora Local Security Checks   | high
99582  | Ubuntu 17.04 : curl vulnerability (USN-3262-1)                                                                          | Nessus                  | Ubuntu Local Security Checks   | high
99552  | FreeBSD : cURL -- TLS session resumption client cert bypass (again) (3e2e9b44-25ce-11e7-a175-939b30e0836d)              | Nessus                  | FreeBSD Local Security Checks  | high