Home > Vulnerability Database > CVE-2016-5420

Mend.io Vulnerability Database

CVE-2016-5420

Good to know:

Date: August 10, 2016

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

Language: C

Severity Score

7.5

Related Resources (23)

Url: http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html

Url: https://security.gentoo.org/glsa/201701-47

Url: http://www.debian.org/security/2016/dsa-3638

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-5420

Url: http://rhn.redhat.com/errata/RHSA-2016-2575.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLPXQQKURBQFM4XM6645VRPTOE2AWG33/

Url: https://security-tracker.debian.org/tracker/CVE-2016-5420

Url: https://access.redhat.com/errata/RHSA-2018:3558

Url: https://access.redhat.com/security/cve/CVE-2016-5420

Url: https://source.android.com/security/bulletin/2016-12-01.html

Url: http://www.securitytracker.com/id/1036739

Url: http://www.securitytracker.com/id/1036537

Url: https://curl.haxx.se/docs/adv_20160803B.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3GQH4V3XAQ5Z53AMQRDEC3C3UHTW7QR/

Url: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059

Url: http://rhn.redhat.com/errata/RHSA-2016-2957.html

Url: http://www.securityfocus.com/bid/92309

Url: http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html

Url: http://www.ubuntu.com/usn/USN-3048-1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5420

Url: https://www.tenable.com/security/tns-2016-18

Url: https://www.mend.io/vulnerability-database/CVE-2016-5420

Severity Score

7.5

Weakness Type (CWE)

Improper Authorization

CWE-285

Authentication Bypass by Primary Weakness

CWE-305

Top Fix

Upgrade Version

Upgrade to version 7.50.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-5420

Good to know:

Date: August 10, 2016

Language: C

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?