KLA10815
Security bypass vulnerability in cURL
Обновлено: 17/06/2019
Дата обнаружения
18/05/2016
Уровень угрозы
Warning
Описание

An improper TLS connections handling was found in cURL. By exploiting this vulnerability malicious users can bypass sec. This vulnerability can be exploited remotely via TLS certificate manipulations.


Technical details

Libcurl affected only if mbedTLS or PolarSSL as TLS backend.

Пораженные продукты

cURL and libcurl versions earlier than 7.49.0

Решение

Update to the latest version
cURL download page

Первичный источник обнаружения
Vendor advisory
Оказываемое влияние
?
SB 
[?]
CVE-IDS
CVE-2016-37392.6Warning