KLA10859
Security bypass vulnerabilities in cURL

Обновлено: 03/06/2020

Дата обнаружения	03/08/2016
Уровень угрозы	Critical
Описание	Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions. Below is a complete list of vulnerabilities Use-after-free vulnerability can be exploited to control which connection is used; An improper TLS connection reuse handling can be exploited remotely via connection manipulations to hijack authentication; An improper TLS certificate change handling can be exploited remotely via connection manipulations to bypass security restrictions. Technical details The curl command line tool is also affected because of these flaws. All vulnerabilities were found in libcurl library.
Пораженные продукты	cURL and libcurl versions earlier than 7.50.1
Решение	Update to the latest version or apply patches patch for CVE-2016-5421 patch for CVE-2016-5420 cURL download page patch for CVE-2016-5419
Первичный источник обнаружения	cURL vulnerabilities table and advisories
Оказываемое влияние ?	SB [?]
Связанные продукты	cURL
CVE-IDS	CVE-2016-54216.8High CVE-2016-54205.0Critical CVE-2016-54195.0Critical
	Узнай статистику распространения уязвимостей в твоем регионе

KLA10859Security bypass vulnerabilities in cURL