Showing 1 - 5 of 5

CVE-2016-7141

Status Candidate

Overview

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

Related Files

Red Hat Security Advisory 2018-3558-01: Posted Nov 13, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3558-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, null pointer, out of bounds write, and use-after-free vulnerabilities.; tags | advisory, web, denial of service, overflow, vulnerability; systems | linux, redhat; advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-15710, CVE-2017-15715, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007; SHA-256 | 4abdca181cc67933f360c5393ddadd7197a24c99bd7985727a9e00a4d0cad5b6; Download | Favorite | View

Gentoo Linux Security Advisory 201701-47: Posted Jan 20, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201701-47 - Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 7.52.1 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2014-8150, CVE-2014-8151, CVE-2016-0755, CVE-2016-3739, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2016-9594; SHA-256 | ed17dde2328ade9790f91afaff126cf8be5cf927530ff9055acf129e816be470; Download | Favorite | View

Apple Security Advisory 2016-12-13-1: Posted Dec 14, 2016; Authored by Apple | Site apple.com; Apple Security Advisory 2016-12-13-1 - macOS 10.12.2 is now available and addresses arbitrary code execution, denial of service, and various other vulnerabilities.; tags | advisory, denial of service, arbitrary, vulnerability, code execution; systems | apple; advisories | CVE-2016-1777, CVE-2016-1823, CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-6303, CVE-2016-6304, CVE-2016-7141, CVE-2016-7167, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604; SHA-256 | 68bf50743be919151d9547b2351d633298a9bfe57d7160fac7541f89315f5b98; Download | Favorite | View

Ubuntu Security Notice USN-3123-1: Posted Nov 4, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3123-1 - It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624; SHA-256 | 9a583cd9fd7d0779073b4a1732e533632181d0c8e3450d97b2e4e7952b834f9c; Download | Favorite | View

Red Hat Security Advisory 2016-2575-02: Posted Nov 3, 2016; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2016-2575-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.; tags | advisory, web, protocol; systems | linux, redhat; advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-7141; SHA-256 | 6ded3ee3863bdea0ccb1e1da6586004598947276a437a6a908d555e08d3dca4d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 180 files
Ubuntu 70 files
malvuln 48 files
Apple 8 files
Google Security Research 8 files
nu11secur1ty 7 files
Ahmed Alroky 6 files
Hassan Khan Yusufzai 4 files
Saud Alenazi 4 files
Jann Horn 3 files

File Archives

Systems

AIX (426)
Apple (1,883)
BSD (368)
CentOS (55)
Cisco (1,913)
Debian (5,948)
Fedora (1,690)
FreeBSD (1,241)
Gentoo (4,152)
HPUX (878)
iOS (318)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (42,129)
Mac OS X (683)
Mandriva (3,105)
NetBSD (255)
OpenBSD (478)
RedHat (11,507)
Slackware (941)
Solaris (1,607)
SUSE (1,444)
Ubuntu (7,801)
UNIX (9,062)
UnixWare (185)
Windows (6,406)
Other

CVE-2016-7141

Overview

Related Files

File Archive:

May 2022

Top Authors In Last 30 Days

File Tags

File Archives

Systems