Home CVE Database CVE-2016-5420

CVE-2016-5420

Description

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Aug 10, 2016
Related ID: --
CVSS v2: High
Modified Date: Aug 12, 2016

Find out more about CVE-2016-5420 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

libcurl

Live chat
Online