Home CVE Database CVE-2016-5420



curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Aug 10, 2016
Related ID: --
CVSS v2: High
Modified Date: Aug 12, 2016

Find out more about CVE-2016-5420 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --



Live chat