curl and libcurl prior to 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote malicious users to bypass intended restrictions by resuming a session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx libcurl |
||
debian debian linux 8.0 |
||
opensuse leap 42.1 |