curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
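The conditions in the description above (libcurl older than 7.50.2, built with NSS, libnsspem.so available at runtime) can be checked on a host from its `curl --version` banner. The shell script below is an added example, not part of the vendor advisory; the function names, the constructed sample banners and the directories passed to `nsspem_present` are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): triage a host against the advisory's conditions.

# version_lt A B: succeed when x.y.z version A is strictly older than B.
version_lt() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}; a_patch=${a_rest#*.}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}; b_patch=${b_rest#*.}
    if [ "$a_major" -ne "$b_major" ]; then [ "$a_major" -lt "$b_major" ]; return; fi
    if [ "$a_minor" -ne "$b_minor" ]; then [ "$a_minor" -lt "$b_minor" ]; return; fi
    [ "$a_patch" -lt "$b_patch" ]
}

# classify_curl_banner BANNER: print affected | fixed | not-nss | unknown.
classify_curl_banner() {
    first_line=$(printf '%s\n' "$1" | head -n 1)
    ver=$(printf '%s\n' "$first_line" |
        sed -n 's|.*libcurl/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    case " $first_line " in
        *" NSS/"*) ;;                      # built against the NSS TLS backend
        *) echo not-nss; return 0 ;;       # OpenSSL, GnuTLS, ...: outside this CVE
    esac
    if version_lt "$ver" 7.50.2; then echo affected; else echo fixed; fi
}

# nsspem_present DIR...: succeed if libnsspem.so exists under a given directory.
# Which directories hold NSS modules is distribution-specific (caller's assumption).
nsspem_present() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        if find "$dir" -name 'libnsspem.so' 2>/dev/null | grep -q .; then return 0; fi
    done
    return 1
}

# Constructed sample banners (not captured from real hosts).
SAMPLE_OLD_NSS='curl 7.47.0 (x86_64-redhat-linux-gnu) libcurl/7.47.0 NSS/3.21 zlib/1.2.8'
SAMPLE_NEW_NSS='curl 7.50.2 (x86_64-redhat-linux-gnu) libcurl/7.50.2 NSS/3.26 zlib/1.2.8'
SAMPLE_OPENSSL='curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 OpenSSL/1.0.2g zlib/1.2.8'

for banner in "$SAMPLE_OLD_NSS" "$SAMPLE_NEW_NSS" "$SAMPLE_OPENSSL"; do
    printf '%s -> %s\n' "$banner" "$(classify_curl_banner "$banner")"
done
# On a live host: classify_curl_banner "$(curl --version)"
```

Distribution packages often backport fixes without changing the upstream version string, so an `affected` result is a prompt to check the package changelog rather than a final verdict.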
Affected Products
Product | Current Assessment |
---|---|
Brocade 5400 vRouter | Impacted: Fixed in 6.7R13. |
Brocade 5600 vRouter | Impacted: Fixed in 17.2.0. |
Brocade Services Director | Impacted: Fixed in 17.1. |
Brocade Virtual Traffic Manager | Impacted: Appliance fixed in 17.1, 10.4r1, 9.9r2, and later. |
Products Confirmed Not Vulnerable
Brocade FastIron OS, Brocade NetIron OS, Brocade Network Advisor, Brocade SDN Controller, Brocade ServerIron ADX, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager: Software, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | March 31, 2017 |