Improper Authorization
CVE-2016-5420
Summary
curl and libcurl 7.1 through 7.50.0 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published