CVE-2017-7468 - log back

CVE-2017-7468 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Certificate verification bypass
Description
+ libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate).
+ This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.
References
+ https://curl.haxx.se/docs/adv_20170419.html
Notes