Описание
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.47.0-1ubuntu1 |
| esm-infra-legacy/trusty | released | 7.35.0-1ubuntu2.6 |
| precise | released | 7.22.0-3ubuntu4.15 |
| trusty | released | 7.35.0-1ubuntu2.6 |
| trusty/esm | released | 7.35.0-1ubuntu2.6 |
| upstream | released | 7.47.0 |
| vivid | released | 7.38.0-3ubuntu2.3 |
| vivid/stable-phone-overlay | released | 7.38.0-3ubuntu2.3 |
| vivid/ubuntu-core | released | 7.38.0-3ubuntu2.3 |
| wily | released | 7.43.0-1ubuntu2.1 |
Показывать по
5 Medium
CVSS2
7.3 High
CVSS3
Связанные уязвимости
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 do ...
5 Medium
CVSS2
7.3 High
CVSS3