Executive Summary

Information
Name : CVE-2016-3739
First vendor Publication : 2016-05-20
Vendor : Cve
Last vendor Modification : 2018-10-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score : 2.6
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : High
Cvss Exploit Score : 4.9
Authentication : None Required

Detail

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-20
Name : Improper Input Validation

CPE : Common Platform Enumeration

Type Description Count
Application 37

Nessus® Vulnerability Scanner

Date Description
2017-05-02 Name : An application installed on the remote host is affected by multiple vulnerabi...
File : oracle_secure_global_desktop_apr_2017_cpu.nasl - Type : ACT_GATHER_INFO
2017-01-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201701-47.nasl - Type : ACT_GATHER_INFO
2016-11-09 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_6.nasl - Type : ACT_GATHER_INFO
2016-05-23 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-141-01.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/90726
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://curl.haxx.se/changes.html#7_49_0
https://curl.haxx.se/CVE-2016-3739.patch
https://curl.haxx.se/docs/adv_20160518.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
GENTOO https://security.gentoo.org/glsa/201701-47
SECTRACK http://www.securitytracker.com/id/1035907
SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&...

Alert History

Date Information
2018-10-17 09:20:18
  • Multiple Updates
2017-07-01 09:23:26
  • Multiple Updates
2017-05-04 13:25:28
  • Multiple Updates
2017-02-17 09:23:56
  • Multiple Updates
2017-01-21 13:22:46
  • Multiple Updates
2016-12-01 09:24:20
  • Multiple Updates
2016-11-29 00:26:10
  • Multiple Updates
2016-11-10 13:24:18
  • Multiple Updates
2016-10-29 09:23:23
  • Multiple Updates
2016-05-24 13:28:17
  • Multiple Updates
2016-05-21 00:24:50
  • Multiple Updates
2016-05-20 21:26:45
  • First insertion