CVE-2011-2192
EPSS 2.0%curl - improper delegation of client credentials
發布日:2011/7/7修改日:2026/4/28
描述
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
受影響套件(2)
- Debian/curlfrom 0, < 7.21.6-2
- Debian/curlfrom 0, < 7.18.2-8lenny5