CVE-2007-3564 Information

Feb 14, 2021 cve

Description

libcurl 7.14.0 through 7.16.3 when built with GnuTLS support does not check SSL/TLS certificate expiration or activation dates which allows remote attackers to bypass certain access restrictions.

Reference

http://secunia.com/advisories/26104 http://secunia.com/advisories/26108 http://secunia.com/advisories/26128 http://secunia.com/advisories/26231 http://www.curl.haxx.se/docs/adv_20070710.html http://www.curl.haxx.se/docs/adv_20070710.html http://www.debian.org/security/2007/dsa-1333 http://www.securityfocus.com/bid/24938 http://www.trustix.org/errata/2007/0023/ http://www.ubuntu.com/usn/usn-484-1 http://www.vupen.com/english/advisories/2007/2551 https://exchange.xforce.ibmcloud.com/vulnerabilities/35479 libcurl-gnutls-weak-security(35479) libcurl 7.14.0 through 7.16.3 when built with GnuTLS support does not check SSL/TLS certificate expiration or activation dates which allows remote attackers to bypass certain access restrictions. cpe:2.3:a:libcurl:libcurl:7.14:::::::* cpe:2.3:a:libcurl:libcurl:7.14.1:::::::* cpe:2.3:a:libcurl:libcurl:7.15:::::::* cpe:2.3:a:libcurl:libcurl:7.15.1:::::::* cpe:2.3:a:libcurl:libcurl:7.15.2:::::::* cpe:2.3:a:libcurl:libcurl:7.15.3:::::::* cpe:2.3:a:libcurl:libcurl:7.16.3:::::::*

Share on: