Описание
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.35.0-1ubuntu1 |
| lucid | released | 7.19.7-1ubuntu1.6 |
| precise | released | 7.22.0-3ubuntu4.7 |
| quantal | released | 7.27.0-1ubuntu1.8 |
| saucy | released | 7.32.0-1ubuntu1.3 |
| upstream | released | 7.35.0-1 |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
cURL and libcurl 7.10.6 through 7.34.0, when more than one authenticat ...
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
ELSA-2014-0561: curl security and bug fix update (MODERATE)
EPSS
4 Medium
CVSS2