Описание
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | curl | Will not fix | ||
| Red Hat Enterprise Linux 6 | curl | Will not fix | ||
| Red Hat Enterprise Linux 7 | curl | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 3 | curl | Will not fix | ||
| Red Hat Software Collections | httpd24-curl | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 do ...
EPSS
4 Medium
CVSS2