CVE

CVE-2015-3143
Date: (C)2015-04-24   (M)2024-04-19


cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1032232
BID-74299
APPLE-SA-2015-08-13-2
DSA-3232
FEDORA-2015-6695
FEDORA-2015-6712
FEDORA-2015-6728
FEDORA-2015-6853
FEDORA-2015-6864
GLSA-201509-02
HPSBHF03544
MDVSA-2015:219
MDVSA-2015:220
RHSA-2015:1254
USN-2591-1
http://advisories.mageia.org/MGASA-2015-0179.html
http://curl.haxx.se/docs/adv_20150422A.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://support.apple.com/kb/HT205031
openSUSE-SU-2015:0799

CPE    155
cpe:/a:haxx:curl:7.21.0
cpe:/a:haxx:libcurl:7.24.0
cpe:/a:haxx:libcurl:7.20.1
cpe:/a:haxx:curl:7.40.0
...
CWE    1
CWE-264
OVAL    17
oval:org.secpod.oval:def:25772
oval:org.secpod.oval:def:25773
oval:org.secpod.oval:def:24538
oval:org.secpod.oval:def:24344
...

© SecPod Technologies