Published: 01/08/2018 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
haxx curl

Several security issues were fixed in curl ...

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...

Synopsis Moderate: httpd24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...

Debian Bug report logs - #836918 curl: CVE-2016-7141: Incorrect reuse of client certificates (nss backend) Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Sep 2016 08:36:01 UTC Severity: important Tags: patch, sec ...

Debian Bug report logs - #837945 curl: CVE-2016-7167: escape and unescape integer overflows Package: src:curl; Maintainer for src:curl is Alessandro Ghedini <ghedo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 15 Sep 2016 19:06:02 UTC Severity: important Tags: fixed-upstream, patch, se ...

This build resolves the following issues: CVE-2016-8615: Cookie injection for other serversCVE-2016-8616: Case insensitive password comparisonCVE-2016-8617: Out-of-bounds write via unchecked multiplicationCVE-2016-8618: Double-free in curl_maprintfCVE-2016-8619: Double-free in krb5 codeCVE-2016-8620: Glob parser write/read out of boundsCVE-2016-862 ...

A flaw was found in curl before version 7510 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reus ...

When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version ...

LCE 481 is possibly impacted by multiple vulnerabilities reported in third-party libraries Tenable has not investigated each one to determine if it is exploitable or the vulnerable code path can be reached Instead, Dev has upgraded the impacted libraries as a faster and safer alternative Due to the number of library upgrades and the potential ...

CWE-255 https://curl.haxx.se/docs/adv_20161102B.html https://curl.haxx.se/CVE-2016-8616.patch https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616 https://www.tenable.com/security/tns-2016-21 https://security.gentoo.org/glsa/201701-47 http://www.securitytracker.com/id/1037192 http://www.securityfocus.com/bid/94094 https://access.redhat.com/errata/RHSA-2018:2486 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://access.redhat.com/errata/RHSA-2018:3558 https://usn.ubuntu.com/3123-1/https://nvd.nist.gov

Get Started

CVE-2016-8616

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect