CVE-2014-0015CVE-2014-0015

Affected configuration(s):

cpe:/a:haxx:curl:7.10.6
cpe:/a:haxx:curl:7.10.7
cpe:/a:haxx:curl:7.10.8
cpe:/a:haxx:curl:7.11.0
cpe:/a:haxx:curl:7.11.1
cpe:/a:haxx:curl:7.11.2
cpe:/a:haxx:curl:7.12.0
cpe:/a:haxx:curl:7.12.1
cpe:/a:haxx:curl:7.12.2
cpe:/a:haxx:curl:7.12.3
cpe:/a:haxx:curl:7.13.0
cpe:/a:haxx:curl:7.13.1
cpe:/a:haxx:curl:7.13.2
cpe:/a:haxx:curl:7.14.0
cpe:/a:haxx:curl:7.14.1
cpe:/a:haxx:curl:7.15.0
cpe:/a:haxx:curl:7.15.1
cpe:/a:haxx:curl:7.15.2
cpe:/a:haxx:curl:7.15.3
cpe:/a:haxx:curl:7.15.4
cpe:/a:haxx:curl:7.15.5
cpe:/a:haxx:curl:7.16.0
cpe:/a:haxx:curl:7.16.1
cpe:/a:haxx:curl:7.16.2
cpe:/a:haxx:curl:7.16.3
cpe:/a:haxx:curl:7.16.4
cpe:/a:haxx:curl:7.17.0
cpe:/a:haxx:curl:7.17.1
cpe:/a:haxx:curl:7.18.0
cpe:/a:haxx:curl:7.18.1
cpe:/a:haxx:curl:7.18.2
cpe:/a:haxx:curl:7.19.0
cpe:/a:haxx:curl:7.19.1
cpe:/a:haxx:curl:7.19.2
cpe:/a:haxx:curl:7.19.3
cpe:/a:haxx:curl:7.19.4
cpe:/a:haxx:curl:7.19.5
cpe:/a:haxx:curl:7.19.6
cpe:/a:haxx:curl:7.19.7
cpe:/a:haxx:curl:7.20.0
cpe:/a:haxx:curl:7.20.1
cpe:/a:haxx:curl:7.21.0
cpe:/a:haxx:curl:7.21.1
cpe:/a:haxx:curl:7.21.2
cpe:/a:haxx:curl:7.21.3
cpe:/a:haxx:curl:7.21.4
cpe:/a:haxx:curl:7.21.5
cpe:/a:haxx:curl:7.21.6
cpe:/a:haxx:curl:7.21.7
cpe:/a:haxx:curl:7.22.0
cpe:/a:haxx:curl:7.23.0
cpe:/a:haxx:curl:7.23.1
cpe:/a:haxx:curl:7.24.0
cpe:/a:haxx:curl:7.25.0
cpe:/a:haxx:curl:7.26.0
cpe:/a:haxx:curl:7.27.0
cpe:/a:haxx:curl:7.28.0
cpe:/a:haxx:curl:7.28.1
cpe:/a:haxx:curl:7.29.0
cpe:/a:haxx:curl:7.30.0
cpe:/a:haxx:curl:7.31.0
cpe:/a:haxx:curl:7.32.0
cpe:/a:haxx:curl:7.33.0
cpe:/a:haxx:curl:7.34.0
cpe:/a:haxx:libcurl:7.10.6
cpe:/a:haxx:libcurl:7.10.7
cpe:/a:haxx:libcurl:7.10.8
cpe:/a:haxx:libcurl:7.11.0
cpe:/a:haxx:libcurl:7.11.1
cpe:/a:haxx:libcurl:7.11.2
cpe:/a:haxx:libcurl:7.12.0
cpe:/a:haxx:libcurl:7.12.1
cpe:/a:haxx:libcurl:7.12.2
cpe:/a:haxx:libcurl:7.12.3
cpe:/a:haxx:libcurl:7.13.0
cpe:/a:haxx:libcurl:7.13.1
cpe:/a:haxx:libcurl:7.13.2
cpe:/a:haxx:libcurl:7.14.0
cpe:/a:haxx:libcurl:7.14.1
cpe:/a:haxx:libcurl:7.15.0
cpe:/a:haxx:libcurl:7.15.1
cpe:/a:haxx:libcurl:7.15.2
cpe:/a:haxx:libcurl:7.15.3
cpe:/a:haxx:libcurl:7.15.4
cpe:/a:haxx:libcurl:7.15.5
cpe:/a:haxx:libcurl:7.16.0
cpe:/a:haxx:libcurl:7.16.1
cpe:/a:haxx:libcurl:7.16.2
cpe:/a:haxx:libcurl:7.16.3
cpe:/a:haxx:libcurl:7.16.4
cpe:/a:haxx:libcurl:7.17.0
cpe:/a:haxx:libcurl:7.17.1
cpe:/a:haxx:libcurl:7.18.0
cpe:/a:haxx:libcurl:7.18.1
cpe:/a:haxx:libcurl:7.18.2
cpe:/a:haxx:libcurl:7.19.0
cpe:/a:haxx:libcurl:7.19.1
cpe:/a:haxx:libcurl:7.19.2
cpe:/a:haxx:libcurl:7.19.3
cpe:/a:haxx:libcurl:7.19.4
cpe:/a:haxx:libcurl:7.19.5
cpe:/a:haxx:libcurl:7.19.6
cpe:/a:haxx:libcurl:7.19.7
cpe:/a:haxx:libcurl:7.20.0
cpe:/a:haxx:libcurl:7.20.1
cpe:/a:haxx:libcurl:7.21.0
cpe:/a:haxx:libcurl:7.21.1
cpe:/a:haxx:libcurl:7.21.2
cpe:/a:haxx:libcurl:7.21.3
cpe:/a:haxx:libcurl:7.21.4
cpe:/a:haxx:libcurl:7.21.5
cpe:/a:haxx:libcurl:7.21.6
cpe:/a:haxx:libcurl:7.21.7
cpe:/a:haxx:libcurl:7.22.0
cpe:/a:haxx:libcurl:7.23.0
cpe:/a:haxx:libcurl:7.23.1
cpe:/a:haxx:libcurl:7.24.0
cpe:/a:haxx:libcurl:7.25.0
cpe:/a:haxx:libcurl:7.26.0
cpe:/a:haxx:libcurl:7.27.0
cpe:/a:haxx:libcurl:7.28.0
cpe:/a:haxx:libcurl:7.28.1
cpe:/a:haxx:libcurl:7.29.0
cpe:/a:haxx:libcurl:7.30.0
cpe:/a:haxx:libcurl:7.31.0
cpe:/a:haxx:libcurl:7.32.0
cpe:/a:haxx:libcurl:7.33.0
cpe:/a:haxx:libcurl:7.34.0

Date published: 2014-02-01T19:55:05.317-05:00

Date last modified: 2016-12-02T22:00:53.957-05:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html

Summary: cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.