The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2011-07-07T21:00:00
Updated: 2024-08-06T22:53:17.373Z
Reserved: 2011-05-31T00:00:00
Link: CVE-2011-2192
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-07-07T21:55:02.320
Modified: 2024-11-21T01:27:47.160
Link: CVE-2011-2192
Redhat