CVE-2011-2192

N/A Unknown
Published: July 07, 2011 Modified: April 29, 2026

Description

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

References to Advisories, Solutions, and Tools

http://curl.haxx.se/curl-gssapi-delegation.patch
Source: secalert@redhat.com
Broken Link
http://curl.haxx.se/docs/adv_20110623.html
Source: secalert@redhat.com
Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://secunia.com/advisories/45047
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/45067
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/45088
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/45144
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/45181
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/48256
Source: secalert@redhat.com
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201203-02.xml
Source: secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT5130
Source: secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2011/dsa-2271
Source: secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:116
Source: secalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0918.html
Source: secalert@redhat.com
Third Party Advisory
http://www.securitytracker.com/id?1025713
Source: secalert@redhat.com
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1158-1
Source: secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=711454
Source: secalert@redhat.com
Issue Tracking Third Party Advisory

38 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 3.0% (86th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

apple, canonical, haxx, fedoraproject, debian