Search for vulnerabilities
Vulnerability details: VCID-7br9-fvxx-aaaj
Vulnerability ID VCID-7br9-fvxx-aaaj
Aliases CVE-2016-7141
Summary curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-295 Improper Certificate Validation
CWE-305 Authentication Bypass by Primary Weakness
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7141.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:2575
rhas Important https://access.redhat.com/errata/RHSA-2016:2957
cvssv3.1 9.8 https://access.redhat.com/errata/RHSA-2018:3558
generic_textual CRITICAL https://access.redhat.com/errata/RHSA-2018:3558
cvssv3 4.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00356 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02135 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
epss 0.02263 https://api.first.org/data/v1/epss?cve=CVE-2016-7141
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1373229
generic_textual Low https://curl.haxx.se/docs/adv_20160907.html
cvssv3.1 High https://curl.se/docs/CVE-2016-7141.html
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141
generic_textual Low http://seclists.org/oss-sec/2016/q3/419
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-7141
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-7141
generic_textual Medium https://ubuntu.com/security/notices/USN-3123-1
cvssv3.1 5.9 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
generic_textual MODERATE http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7141.html
http://rhn.redhat.com/errata/RHSA-2016-2575.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json
https://api.first.org/data/v1/epss?cve=CVE-2016-7141
https://curl.haxx.se/docs/adv_20160907.html
https://curl.se/docs/CVE-2016-7141.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141
http://seclists.org/oss-sec/2016/q3/419
https://github.com/curl/curl/commit/curl-7_50_2~32
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
https://security.gentoo.org/glsa/201701-47
https://ubuntu.com/security/notices/USN-3123-1
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/92754
http://www.securitytracker.com/id/1036739
1373229 https://bugzilla.redhat.com/show_bug.cgi?id=1373229
836918 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836918
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
CVE-2016-7141 https://nvd.nist.gov/vuln/detail/CVE-2016-7141
RHSA-2016:2575 https://access.redhat.com/errata/RHSA-2016:2575
RHSA-2016:2957 https://access.redhat.com/errata/RHSA-2016:2957
USN-3123-1 https://usn.ubuntu.com/3123-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3558
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7141.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7141
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7141
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.72595
EPSS Score 0.00356
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.