CVE

CVE-2011-2192

Date: (C)2011-07-07   (M)2018-01-05 


The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE





Reference:
SECTRACK-1025713
SECUNIA-45047
SECUNIA-45067
SECUNIA-45088
SECUNIA-45144
SECUNIA-45181
SECUNIA-48256
APPLE-SA-2012-02-01-1
DSA-2271
FEDORA-2011-8586
FEDORA-2011-8640
GLSA-201203-02
IAVM:2012-A-0020
IAVM:2012-B-0056
MDVSA-2011:116
RHSA-2011:0918
USN-1158-1
http://curl.haxx.se/curl-gssapi-delegation.patch
http://curl.haxx.se/docs/adv_20110623.html
http://support.apple.com/kb/HT5130
https://bugzilla.redhat.com/show_bug.cgi?id=711454

CWE    1
CWE-255
OVAL    14
oval:org.secpod.oval:def:502084
oval:org.secpod.oval:def:700540
oval:org.secpod.oval:def:201541
oval:org.secpod.oval:def:3917
...

© 2013 SecPod Technologies