Related Vulnerabilities: CVE-2016-8616

Severity: Low
Remote: Yes
Type: Authentication bypass

Description

When re-using a connection, curl was doing case-insensitive comparisons of the user name and password against the existing connections.

This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if they know the case-insensitive version of the correct password.
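The following is an added illustration of the comparison defect described above; it is not curl's code, and the connection pool, host name and credentials are constructed for the example. A pooled, idle, authenticated connection is matched against a new request's credentials twice: once with the case-insensitive comparison the advisory describes (so a password that differs only in case still selects the authenticated connection) and once with the exact comparison that the fix implies. The host name is compared case-insensitively in both paths, since DNS names are case-insensitive; only the credential comparison differs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Constructed stand-in for an entry in a connection cache whose
 * credentials are connection-scoped (as with FTP-style logins). */
struct pooled_conn {
    const char *host;
    const char *user;     /* NULL when the connection was never authenticated */
    const char *passwd;
    bool        in_use;
};

/* Treat a missing credential as the empty string so comparisons are total. */
static const char *nz(const char *s) { return s ? s : ""; }

/* Vulnerable matcher: credentials compared case-insensitively, so
 * "s3cret!" is accepted as equal to the stored "S3cret!". */
static bool creds_match_vulnerable(const struct pooled_conn *c,
                                   const char *user, const char *passwd)
{
    return strcasecmp(nz(c->user), nz(user)) == 0 &&
           strcasecmp(nz(c->passwd), nz(passwd)) == 0;
}

/* Fixed matcher: credentials must match byte for byte. */
static bool creds_match_fixed(const struct pooled_conn *c,
                              const char *user, const char *passwd)
{
    return strcmp(nz(c->user), nz(user)) == 0 &&
           strcmp(nz(c->passwd), nz(passwd)) == 0;
}

typedef bool (*cred_matcher)(const struct pooled_conn *, const char *, const char *);

/* Return the index of an idle connection to `host` whose credentials
 * satisfy `match`, or -1 when no connection may be reused. */
static int find_reusable(const struct pooled_conn *pool, size_t n,
                         const char *host, const char *user,
                         const char *passwd, cred_matcher match)
{
    for (size_t i = 0; i < n; i++) {
        if (pool[i].in_use)
            continue;
        if (strcasecmp(pool[i].host, host) != 0)  /* host names are case-insensitive */
            continue;
        if (match(&pool[i], user, passwd))
            return (int)i;
    }
    return -1;
}

/* Constructed pool: one idle connection already logged in as "alice". */
static const struct pooled_conn POOL[] = {
    { "ftp.example.test", "alice", "S3cret!", false },
};
#define POOL_LEN (sizeof POOL / sizeof POOL[0])

/* Lookups against the constructed pool with each comparison strategy. */
int lookup_vulnerable(const char *user, const char *passwd)
{
    return find_reusable(POOL, POOL_LEN, "ftp.example.test",
                         user, passwd, creds_match_vulnerable);
}

int lookup_fixed(const char *user, const char *passwd)
{
    return find_reusable(POOL, POOL_LEN, "ftp.example.test",
                         user, passwd, creds_match_fixed);
}

int main(void)
{
    /* A request carrying the wrong-case password "s3cret!" must not be
     * handed the connection that was authenticated with "S3cret!". */
    printf("vulnerable, wrong case: %d\n", lookup_vulnerable("alice", "s3cret!"));
    printf("fixed, wrong case:      %d\n", lookup_fixed("alice", "s3cret!"));
    printf("fixed, exact:           %d\n", lookup_fixed("alice", "S3cret!"));
    return 0;
}
```

The defect is easy to miss in review because the host comparison on the same code path is legitimately case-insensitive; a unit test like the one in `main` that submits a differently-cased password and expects no reuse is the cheapest regression check.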

Group   Package               Affected  Fixed     Severity  Status
AVG-66  lib32-libcurl-gnutls  7.50.3-1  7.51.0-1  High      Fixed
AVG-65  libcurl-gnutls        7.50.3-1  7.51.0-1  High      Fixed
AVG-63  lib32-libcurl-compat  7.50.3-1  7.51.0-1  High      Fixed
AVG-62  libcurl-compat        7.50.3-1  7.51.0-1  High      Fixed
AVG-61  lib32-curl            7.50.3-1  7.51.0-1  High      Fixed
AVG-60  curl                  7.50.3-1  7.51.0-1  High      Fixed

Date         Advisory       Group   Package               Severity  Type
03 Nov 2016  ASA-201611-9   AVG-65  libcurl-gnutls        High      multiple issues
03 Nov 2016  ASA-201611-8   AVG-62  libcurl-compat        High      multiple issues
03 Nov 2016  ASA-201611-7   AVG-60  curl                  High      multiple issues
02 Nov 2016  ASA-201611-5   AVG-63  lib32-libcurl-compat  High      multiple issues
02 Nov 2016  ASA-201611-4   AVG-61  lib32-curl            High      multiple issues
03 Nov 2016  ASA-201611-10  AVG-66  lib32-libcurl-gnutls  High      multiple issues

https://curl.haxx.se/docs/adv_20161102B.html