CVE-2017-7468 - OpenCVE

Vendors	Products
Haxx	Libcurl

Link	Resource
http://www.securityfocus.com/bid/97962	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038341	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468	Issue Tracking Third Party Advisory
https://curl.haxx.se/docs/adv_20170419.html	Vendor Advisory
https://security.gentoo.org/glsa/201709-14	Third Party Advisory

{"containers": {"cna": {"affected": [{"product": "curl", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "curl 7.54.0"}]}], "datePublic": "2017-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-17T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468"}, {"name": "GLSA-201709-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-14"}, {"name": "1038341", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038341"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://curl.haxx.se/docs/adv_20170419.html"}, {"name": "97962", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97962"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7468", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "curl", "version": {"version_data": [{"version_value": "curl 7.54.0"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range."}]}, "impact": {"cvss": [[{"vectorString": "4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468"}, {"name": "GLSA-201709-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-14"}, {"name": "1038341", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038341"}, {"name": "https://curl.haxx.se/docs/adv_20170419.html", "refsource": "CONFIRM", "url": "https://curl.haxx.se/docs/adv_20170419.html"}, {"name": "97962", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97962"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7468", "datePublished": "2018-07-16T13:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2018-07-17T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EDCC18C-69F4-4185-A846-513424A4E8A7", "versionEndIncluding": "7.53.1", "versionStartIncluding": "7.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range."}, {"lang": "es", "value": "En curl y libcurl 7.52.0 hasta e incluyendo la versi\u00f3n 7.53.1, libcurl intenta retomar una sesi\u00f3n TLS aunque el certificado del cliente haya cambiado. Esto es inaceptable, ya que un servidor por sus especificaciones puede saltarse la comprobaci\u00f3n de certificado de cliente al retomar su operativa para emplear en su lugar la identidad antigua que fue establecida por el anterior certificado (o no certificado). Por defecto, libcurl soporta el uso de un ID/ticket TLS para retomar sesiones TLS anteriores para acelerar los handshakes TLS subsecuentes. Se emplean cuando, por alg\u00fan motivo, una conexi\u00f3n TLS no pudo mantenerse activa para hacer que el siguiente handshake fuese m\u00e1s r\u00e1pido. Este error es una regresi\u00f3n y es id\u00e9ntico a CVE-2016-5419, reportado el 3 de agosto de 2016, pero afectando a un rango de versiones diferente."}], "id": "CVE-2017-7468", "lastModified": "2019-10-09T23:29:37.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-07-16T13:29:00.287", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97962"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038341"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://curl.haxx.se/docs/adv_20170419.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201709-14"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

JSON object

JSON object

JSON object