What is CVE-2016-7141?

CVE-2016-7141 is a high-severity vulnerability in Haxx Libcurl, classified under Improper Authentication. CVSS score: 7.5/10. Published 2016-10-03.

How severe is CVE-2016-7141?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Haxx Libcurl

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate…

Vulnerability class: Broken Authentication

EPSS: 0.005 (67.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Haxx Libcurl
Opensuse Leap — versions 42.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

RHSA-2016:2575 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
RHSA-2018:3558 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Issue Tracking)
1036739 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Patch, Issue Tracking)
openSUSE-SU-2016:2379 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
RHSA-2016:2957 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2016-7141?: CVE-2016-7141 is a high-severity vulnerability in Haxx Libcurl, classified under Improper Authentication. CVSS score: 7.5/10. Published 2016-10-03.
How severe is CVE-2016-7141?: High severity. CVSS v3 base score is 7.5 out of 10.