CVE-2015-3148

Опубликовано: 24 апр. 2015

Источник: debian

EPSS Низкий

Описание

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
curl	fixed	7.42.0-1		package

Примечания

http://curl.haxx.se/docs/adv_20150422B.html

EPSS

Процентиль: 80%

0.01442

Низкий

Связанные уязвимости

CVE-2015-3148

ubuntu

больше 10 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVE-2015-3148

redhat

больше 10 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVE-2015-3148

nvd

больше 10 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

GHSA-28hh-42pj-vp7w

github

больше 3 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

SUSE-SU-2015:0990-1

suse-cvrf

больше 10 лет назад

Security update for curl

EPSS

Процентиль: 80%

0.01442

Низкий