curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
References
Configurations
History
07 Nov 2023, 02:33
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-08-10 14:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-5419
Mitre link : CVE-2016-5419
CVE.ORG link : CVE-2016-5419
JSON object : View
Products Affected
opensuse
- leap
debian
- debian_linux
haxx
- libcurl
CWE
CWE-310
Cryptographic Issues