exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2016-5419

Status Candidate

Overview

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.

Related Files

Red Hat Security Advisory 2018-3558-01
Posted Nov 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3558-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, null pointer, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-15710, CVE-2017-15715, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007
SHA-256 | 4abdca181cc67933f360c5393ddadd7197a24c99bd7985727a9e00a4d0cad5b6
Gentoo Linux Security Advisory 201701-47
Posted Jan 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-47 - Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 7.52.1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8150, CVE-2014-8151, CVE-2016-0755, CVE-2016-3739, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2016-9594
SHA-256 | ed17dde2328ade9790f91afaff126cf8be5cf927530ff9055acf129e816be470
Apple Security Advisory 2016-12-13-1
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-1 - macOS 10.12.2 is now available and addresses arbitrary code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2016-1777, CVE-2016-1823, CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-6303, CVE-2016-6304, CVE-2016-7141, CVE-2016-7167, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604
SHA-256 | 68bf50743be919151d9547b2351d633298a9bfe57d7160fac7541f89315f5b98
Red Hat Security Advisory 2016-2575-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2575-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-7141
SHA-256 | 6ded3ee3863bdea0ccb1e1da6586004598947276a437a6a908d555e08d3dca4d
Ubuntu Security Notice USN-3048-1
Posted Aug 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3048-1 - Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. It was discovered that curl incorrectly handled client certificates when reusing TLS connections. Marcelo Echeverria and Fernando Munoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421
SHA-256 | 8ee3fb48b7adc731def079b1e3c45d9ade172bb87d565756b2eb899f2c16762d
Slackware Security Advisory - curl Updates
Posted Aug 8, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421
SHA-256 | 5693aa89ea5da65762d9d22ad391e75c64eb5a352d4ed11267605e036c849f0d
Debian Security Advisory 3638-1
Posted Aug 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3638-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421
SHA-256 | e04de6812e9e2686a674a0315737bd48ecc81989e51936268323bf64692a8bcc
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close