Key Information

CVE ID: CVE-2017-2628
Bug ID: 1422464
Subject: curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)
Status: CLOSED ERRATA
Product: Security Response
Component: vulnerability
OS: Linux
Priority & Severity: medium
Reported: 2017-02-15 11:50 UTC
Modified: 2021-02-17 02:35 UTC
Last Closed: 2017-03-29 06:43:23 UTC
Affected Versions: RHEL 6.7 and RHEL 6 curl only

Issue:
- curl incorrectly reused Negotiate-authenticated HTTP connections for subsequent requests.
- If an application established a Negotiate-authenticated HTTP connection and then sent subsequent requests with different credentials, the connection could be reused with the initial set of credentials.

Fix Status:
- Addressed in Red Hat Enterprise Linux 6 via RHSA-2017:0847
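
The reuse decision described under "Issue", as an added example that is not curl's code and not part of the original record: a simplified connection-cache lookup run once with a policy that does not treat Negotiate as connection-oriented and once with a policy that does. All type and function names, the host name and the user names are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a connection cache; hypothetical names, not libcurl source. */
enum auth_scheme { AUTH_BASIC, AUTH_NEGOTIATE };

struct conn {              /* idle, already-authenticated connection */
    const char *host;
    enum auth_scheme auth;
    const char *user;      /* identity it was authenticated as */
};
struct request { const char *host; enum auth_scheme auth; const char *user; };

/* Flawed policy: Negotiate is not classed as connection-oriented. */
static bool conn_oriented_flawed(enum auth_scheme a) { (void)a; return false; }
/* Corrected policy: Negotiate authenticates the connection itself. */
static bool conn_oriented_fixed(enum auth_scheme a) { return a == AUTH_NEGOTIATE; }

/* Index of a reusable idle connection, or -1 if a new one must be opened. */
static int find_reusable(const struct conn *pool, size_t n,
                         const struct request *req,
                         bool (*conn_oriented)(enum auth_scheme))
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(pool[i].host, req->host) != 0)
            continue;
        /* Connection-oriented auth binds the identity to the connection,
         * so scheme and credentials must match before reuse. */
        if (conn_oriented(pool[i].auth) &&
            (pool[i].auth != req->auth || strcmp(pool[i].user, req->user) != 0))
            continue;
        return (int)i;
    }
    return -1;
}

/* Constructed sample: one idle connection authenticated as alice. */
static const struct conn sample_pool[] = {
    { "intranet.example", AUTH_NEGOTIATE, "alice" },
};

int main(void) {
    struct request bob = { "intranet.example", AUTH_NEGOTIATE, "bob" };
    printf("flawed: %d, fixed: %d\n",
           find_reusable(sample_pool, 1, &bob, conn_oriented_flawed),
           find_reusable(sample_pool, 1, &bob, conn_oriented_fixed));
    return 0;
}
```

Under the flawed policy the request carrying bob's credentials is handed the connection authenticated as alice; under the corrected policy the lookup finds nothing reusable, so a new connection is needed.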