
CVE-2011-2192

Date: (C)2011-07-07   (M)2017-08-04
 
CVSS Score: 4.3
Exploitability Subscore: 8.6
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE











The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Reference:
SECTRACK-1025713
SECUNIA-45047
SECUNIA-45067
SECUNIA-45088
SECUNIA-45144
SECUNIA-45181
APPLE-SA-2012-02-01-1
DSA-2271
FEDORA-2011-8586
FEDORA-2011-8640
IAVM:2012-A-0020
IAVM:2012-B-0056
MDVSA-2011:116
RHSA-2011:0918
USN-1158-1
http://curl.haxx.se/curl-gssapi-delegation.patch
http://curl.haxx.se/docs/adv_20110623.html
http://support.apple.com/kb/HT5130
https://bugzilla.redhat.com/show_bug.cgi?id=711454

CWE    1
CWE-255
OVAL    14
oval:org.secpod.oval:def:201541
oval:org.secpod.oval:def:102730
oval:org.secpod.oval:def:301044
oval:org.secpod.oval:def:102919
...

© 2013 SecPod Technologies