vulnerability
Amazon Linux AMI: CVE-2016-5419: Security patch for curl (ALAS-2016-730)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 10, 2016 | Aug 22, 2016 | Oct 14, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 10, 2016
Added
Aug 22, 2016
Modified
Oct 14, 2022
Description
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Solution
amazon-linux-upgrade-curl
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.