Lucene search
F5F5:K35453761HistoryMar 28, 2018 - 12:00 a.m.
K35453761 : cURL and libcurl vulnerability CVE-2017-2628
2018-03-2800:00:00
my.f5.com
69
Security Advisory Description
cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 cURL only. (CVE-2017-2628)
Impact
An application using libcurl with HTTP Negotiate authentication can incorrectly re-use credentials for subsequent requests to the same server.
Related
cve
cve
CVE-2017-2628
2018-03-12 15:29:00
CVE-2015-3148
2015-04-24 14:59:11
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:16:50
Authentication Bypass
2018-05-16 08:57:04
CRLF Injection
2019-05-02 05:40:50
nvd
nvd
CVE-2017-2628
2018-03-12 15:29:00
CVE-2015-3148
2015-04-24 14:59:11
openvas
openvas
RedHat Update for curl RHSA-2017:0847-01
2017-04-07 00:00:00
Debian: Security Advisory (DLA-211-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0179)
2022-01-28 00:00:00
nessus
nessus
NewStart CGSL MAIN 4.05 : curl Vulnerability (NS-SA-2019-0104)
2019-08-12 00:00:00
RHEL 6 : curl (RHSA-2017:0847)
2017-04-13 00:00:00
F5 Networks BIG-IP : cURL and libcurl vulnerability (K35453761)
2021-02-19 00:00:00
redhat
redhat
(RHSA-2017:0847) Moderate: curl security update
2017-03-29 05:37:28
(RHSA-2015:1254) Moderate: curl security, bug fix, and enhancement update
2015-07-22 05:29:46
(RHSA-2015:2159) Moderate: curl security, bug fix, and enhancement update
2015-11-19 14:41:12
debiancve
debiancve
CVE-2017-2628
2018-03-12 15:29:00
CVE-2015-3148
2015-04-24 14:59:11
osv
osv
CVE-2017-2628
2018-03-12 15:29:00
curl - security update
2015-04-29 00:00:00
curl - security update
2015-04-22 00:00:00
prion
prion
Code injection
2018-03-12 15:29:00
Cross site request forgery (csrf)
2015-04-24 14:59:00
ubuntucve
ubuntucve
CVE-2017-2628
2018-03-12 00:00:00
CVE-2015-3148
2015-04-22 00:00:00
cvelist
cvelist
CVE-2017-2628
2018-03-12 15:00:00
CVE-2015-3148
2015-04-24 14:00:00
f5
f5
K16707 : cURL and libcurl vulnerability CVE-2015-3148
2015-05-29 00:00:00
SOL16707 - cURL and libcurl vulnerability CVE-2015-3148
2015-05-29 00:00:00
oraclelinux
oraclelinux
curl security update
2017-03-29 00:00:00
curl security, bug fix, and enhancement update
2015-11-23 00:00:00
curl security, bug fix, and enhancement update
2015-07-28 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:220 ] curl
2015-05-04 00:00:00
[USN-2591-1] curl vulnerabilities
2015-05-05 00:00:00
cURL security vulnerabilitiies
2015-11-01 00:00:00
debian
debian
[SECURITY] [DLA 211-1] curl security update
2015-04-29 20:42:59
[SECURITY] [DSA 3232-1] curl security update
2015-04-22 12:08:24
mageia
mageia
Updated curl packages fix security vulnerabilities
2015-05-03 03:19:16
kaspersky
kaspersky
KLA10566 Multiple vulnerabilities in cURL
2015-04-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.42.0-alt1
2015-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: curl-7.40.0-3.fc22
2015-04-26 12:43:00
[SECURITY] Fedora 22 Update: mingw-curl-7.42.0-1.fc22
2015-05-01 16:51:59
[SECURITY] Fedora 21 Update: curl-7.37.0-14.fc21
2015-05-02 18:11:42
amazon
amazon
Medium: curl
2015-04-22 16:14:00
ibm
ibm
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection
2018-06-16 21:30:39
Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM
2018-06-18 01:30:31
ubuntu
ubuntu
curl vulnerabilities
2015-04-30 00:00:00
centos
centos
curl, libcurl security update
2015-11-30 19:26:37
curl, libcurl security update
2015-07-26 14:12:23
archlinux
archlinux
curl: multiple issues
2015-04-24 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2015-09-24 00:00:00
slackware
slackware
[slackware-security] curl
2015-10-29 22:48:27