Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24774

HistoryApr 10, 2020 - 1:04 a.m.

Information Disclosure

2020-04-1001:04:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

0.002 Low

EPSS

Percentile

61.2%

curl is vulnerable to information disclosure. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client’s credentials and impersonate that client to other servers that are using GSSAPI.

CPENameOperatorVersion
curleq7.12.1__11.el4
curleq7.19.7__16.el6
curleq7.12.1__5.rhel4
curleq7.12.1__11.1.el4_7.1
curleq7.15.5__2.1.el5_3.4
curleq7.15.5__2.el5
curleq7.12.1__11.1.el4_8.2
curleq7.15.5__2.1.el5_3.5
curleq7.12.1__11.1.el4_8.1
curleq7.12.1__11.1.el4_8.3

Rows per page:

1-10 of 121

References

curl.haxx.se/curl-gssapi-delegation.patch

curl.haxx.se/docs/adv_20110623.html

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html

secunia.com/advisories/45047

secunia.com/advisories/45067

secunia.com/advisories/45088

secunia.com/advisories/45144

secunia.com/advisories/45181

secunia.com/advisories/48256

security.gentoo.org/glsa/glsa-201203-02.xml

support.apple.com/kb/HT5130

www.debian.org/security/2011/dsa-2271

www.mandriva.com/security/advisories?name=MDVSA-2011:116

www.redhat.com/support/errata/RHSA-2011-0918.html

www.securitytracker.com/id?1025713

www.ubuntu.com/usn/USN-1158-1

access.redhat.com/errata/RHSA-2011:0918

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=711454

0.002 Low

EPSS

Percentile

61.2%

Related for VERACODE:24774

oraclelinux1 openvas31 altlinux2 fedora3 nessus21 debiancve1 prion1 centos1 redhat2 ubuntucve1 debian2 securityvulns4 nvd1 freebsd1 cve1 cvelist1 ubuntu1 gentoo1 vmware2