vulnerability
Amazon Linux AMI: CVE-2016-5419: Security patch for curl (ALAS-2016-730)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 10, 2016 | Aug 22, 2016 | Oct 14, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 10, 2016
Added
Aug 22, 2016
Modified
Oct 14, 2022
Description
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Solution
amazon-linux-upgrade-curl
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.