CVE-2017-2628
N/A
N/A
Summary
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | curl | 7.19.7-53 | affected |
Weaknesses
- CWE-287: CWE-287
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2017-0847.html
- http://www.securityfocus.com/bid/97187
- https://bugzilla.redhat.com/show_bug.cgi?id=1422464
References
- http://rhn.redhat.com/errata/RHSA-2017-0847.html
- http://www.securityfocus.com/bid/97187
- https://bugzilla.redhat.com/show_bug.cgi?id=1422464
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.