BSA-2017-216
21533
31 March 2017
31 March 2017
Closed
High
7.5
N/A
CVE-2016-7141
Summary
Security Advisory ID : BSA-2017-216
Component : libcurl
Revision : 1.0: Interim
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
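The two conditions in the summary above (libcurl before 7.50.2, built with NSS) can both be read from the first line of `curl --version`. The shell check below is an added example, not part of the Brocade advisory; the function names, result labels and sample banner are constructed for illustration, and it assumes the curl command-line tool is present on the host being checked.

```shell
#!/bin/sh
# Added example: classify a `curl --version` banner against the conditions
# the advisory states for CVE-2016-7141 (before 7.50.2, built with NSS).

# version_lt A B: succeeds when dotted version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-DEV"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# classify_curl_banner LINE: prints candidate | fixed-version | not-nss | unparsed.
# "candidate" = old version + NSS; libnsspem.so presence is not visible here.
classify_curl_banner() (
    set -f                       # no globbing while splitting the banner
    ver= nss=no
    for tok in $1; do
        case $tok in
            libcurl/*) ver=${tok#libcurl/} ;;
            NSS/*)     nss=yes ;;
        esac
    done
    if [ -z "$ver" ]; then echo unparsed
    elif ! version_lt "$ver" 7.50.2; then echo fixed-version
    elif [ "$nss" = yes ]; then echo candidate
    else echo not-nss
    fi
)

# Constructed sample banner, for illustration only.
SAMPLE='curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 NSS/3.21 zlib/1.2.8'
echo "sample: $(classify_curl_banner "$SAMPLE")"

# Classify the locally installed curl, if there is one.
if command -v curl >/dev/null 2>&1; then
    echo "local:  $(classify_curl_banner "$(curl --version | head -n 1)")"
fi
```

A `candidate` result still depends on libnsspem.so being loadable at runtime, and a vendor-patched build can carry the fix under an older version string, so confirm against the vendor's fixed releases.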
Affected Products
| Product | Current Assessment |
|---|---|
| Brocade 5400 vRouter | Impacted: Fixed in 6.7R13. |
| Brocade 5600 vRouter | Impacted: Fixed in 17.2.0. |
| Brocade Services Director | Impacted: Fixed in 17.1. |
| Brocade Virtual Traffic Manager | Impacted: Appliance fixed in 17.1, 10.4r1, 9.9r2, and later. |
Products Confirmed Not Vulnerable
Brocade FastIron OS, Brocade NetIron OS, Brocade Network Advisor, Brocade SDN Controller, Brocade ServerIron ADX, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager: Software, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | March 31, 2017 |