CVE-2017-2628

curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.

curl, tal y como se distribuye en Red Hat Enterprise Linux 6, en versiones anteriores a la 7.19.7-53, no realizó correctamente el backport de la solución para CVE-2015-3148 debido a que no reflejó el hecho de que la definición HAVE_GSSAPI se sustituyó mientras tanto por USE_HTTP_NEGOTIATE. Este problema se introdujo en RHEL 6.7 y solo afecta a RHEL 6 curl.

It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-12-01 CVE Reserved
2017-03-30 CVE Published
2024-08-05 CVE Updated
2025-04-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/97187	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2017-0847.html	2023-02-12
https://bugzilla.redhat.com/show_bug.cgi?id=1422464	2017-03-29
https://access.redhat.com/security/cve/CVE-2017-2628	2017-03-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Haxx Search vendor "Haxx"	Curl Search vendor "Haxx" for product "Curl"	7.19.7 Search vendor "Haxx" for product "Curl" and version "7.19.7"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"	6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"	-	Safe
Haxx Search vendor "Haxx"	Curl Search vendor "Haxx" for product "Curl"	7.19.7 Search vendor "Haxx" for product "Curl" and version "7.19.7"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"	6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"	-	Safe
Haxx Search vendor "Haxx"	Curl Search vendor "Haxx" for product "Curl"	7.19.7 Search vendor "Haxx" for product "Curl" and version "7.19.7"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"	6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"	-	Safe