Back to bug 1373229
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-09-05 14:41:31 UTC | Depends On | 1373230 | |
| Adam Mariš | 2016-09-05 14:41:43 UTC | Depends On | 1373231 | |
| Adam Mariš | 2016-09-05 14:41:54 UTC | Depends On | 1373232 | |
| Adam Mariš | 2016-09-05 14:44:10 UTC | Blocks | 1362200 | |
| Martin Prpič | 2016-09-06 06:17:01 UTC | Alias | CVE-2016-7141 | |
| Martin Prpič | 2016-09-06 06:17:17 UTC | Summary | curl: Incorrect reuse of client certificates | CVE-2016-7141 curl: Incorrect reuse of client certificates |
| Dhiru Kholia | 2016-09-06 14:32:12 UTC | Depends On | 1364910 | |
| Dhiru Kholia | 2016-09-07 04:03:59 UTC | CC | dkholia, kseifried | |
| Slawomir Czarko | 2016-09-07 10:27:43 UTC | CC | slawomir | |
| Norman Sardella | 2016-09-07 14:30:47 UTC | CC | sardella | |
| Ray Satiro | 2016-09-07 21:42:22 UTC | CC | raysatiro | |
| Dhiru Kholia | 2016-09-29 07:07:25 UTC | Doc Text | It was found that curl and libcurl built on top of NSS (Network Security Services) incorrectly re-used client certificates when a certificate from file was used for one TLS connection but no certificate was set for a subsequent TLS connection. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | |
| | | Doc Type | If docs needed, set a value | Bug Fix |
| Tomas Hoger | 2016-10-25 20:02:05 UTC | Doc Text | It was found that curl and libcurl built on top of NSS (Network Security Services) incorrectly re-used client certificates when a certificate from file was used for one TLS connection but no certificate was set for a subsequent TLS connection. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | It was found that the libcurl library using NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. |
| Tomas Hoger | 2016-10-25 20:03:54 UTC | Doc Text | It was found that the libcurl library using NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. |
| Tomas Hoger | 2016-10-25 20:05:14 UTC | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=defer,jbews-3/curl=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected |
| Kurt Seifried | 2016-10-26 16:27:12 UTC | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=new,rhev-m-3/mingw-virt-viewer=new,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=new,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected |
| Bharti Kundal | 2016-10-31 17:32:08 UTC | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=new,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected |
| Timothy Walsh | 2017-01-19 06:55:25 UTC | Blocks | 1395463 | |
| Scott Herold | 2017-09-12 15:40:41 UTC | CC | sherold | |
| Tomas Hoger | 2018-01-10 21:32:23 UTC | CC | omajid | |
| | | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected,dotnet-1.0/rh-dotnetcore10-curl=new,dotnet-1.1/rh-dotnetcore11-curl=new,dotnet-2.0/rh-dotnet20-curl=new |
| Tomas Hoger | 2018-01-10 21:33:47 UTC | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=wontfix,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected,dotnet-1.0/rh-dotnetcore10-curl=new,dotnet-1.1/rh-dotnetcore11-curl=new,dotnet-2.0/rh-dotnet20-curl=new | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=notaffected,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected,dotnet-1.0/rh-dotnetcore10-curl=notaffected,dotnet-1.1/rh-dotnetcore11-curl=notaffected,dotnet-2.0/rh-dotnet20-curl=notaffected |
| PnT Account Manager | 2018-03-29 22:01:16 UTC | CC | dkholia | |
| PnT Account Manager | 2018-06-29 22:14:30 UTC | CC | kseifried | |
| PnT Account Manager | 2018-07-18 15:00:21 UTC | CC | rbalakri | |
| PnT Account Manager | 2018-11-05 22:47:01 UTC | CC | ylavi | |
| Tomas Hoger | 2018-11-12 15:40:56 UTC | CC | hhorak, jorton, luhliari | |
| | | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=notaffected,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected,dotnet-1.0/rh-dotnetcore10-curl=notaffected,dotnet-1.1/rh-dotnetcore11-curl=notaffected,dotnet-2.0/rh-dotnet20-curl=notaffected | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=notaffected,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected,dotnet-1.0/rh-dotnetcore10-curl=notaffected,dotnet-1.1/rh-dotnetcore11-curl=notaffected,dotnet-2.0/rh-dotnet20-curl=notaffected,rhscl-3/httpd24-curl=affected |
| errata-xmlrpc | 2018-11-13 08:32:38 UTC | Link ID | Red Hat Product Errata RHSA-2018:3558 | |
| Gil Klein | 2019-04-14 12:52:35 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-06-08 02:58:10 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2019-06-08 02:58:10 UTC | |
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=low,public=20160905,reported=20160905,source=oss-security,cvss2=4.9/AV:N/AC:M/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-295,rhel-5/curl=notaffected,rhel-6/curl=wontfix,rhel-7/curl=affected,jbews-3/curl=affected,rhev-m-3/mingw-virt-viewer=wontfix,fedora-all/curl=affected,fedora-all/mingw-curl=affected,epel-7/mingw-curl=affected,dotnet-1.0/rh-dotnetcore10-curl=notaffected,dotnet-1.1/rh-dotnetcore11-curl=notaffected,dotnet-2.0/rh-dotnet20-curl=notaffected,rhscl-3/httpd24-curl=affected | |