---

CVE-2017-7468 - log back

CVE-2017-7468 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Certificate verification bypass
Description	+ libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). + This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.
References	+ https://curl.haxx.se/docs/adv_20170419.html
Notes