CVE-2015-3148

Опубликовано: 24 апр. 2015

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

Описание

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Релиз	Статус	Примечание
devel	released	7.38.0-3ubuntu2.2
esm-infra-legacy/trusty	not-affected	7.35.0-1ubuntu2.5
lucid	ignored	end of life
precise	released	7.22.0-3ubuntu4.14
trusty	released	7.35.0-1ubuntu2.5
trusty/esm	not-affected	7.35.0-1ubuntu2.5
upstream	released	7.42.0
utopic	released	7.37.1-1ubuntu3.4
vivid	released	7.38.0-3ubuntu2.2
vivid/stable-phone-overlay	released	7.38.0-3ubuntu2.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 80%

0.01442

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2015-3148

redhat

больше 10 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVE-2015-3148

nvd

больше 10 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

CVE-2015-3148

debian

больше 10 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenti ...

GHSA-28hh-42pj-vp7w

github

больше 3 лет назад

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

SUSE-SU-2015:0990-1

suse-cvrf

больше 10 лет назад

Security update for curl

EPSS

Процентиль: 80%

0.01442

Низкий

5 Medium

CVSS2

CVE-2015-3148

Описание

Пакет curl

Ссылки на источники

Связанные уязвимости