CVE-2014-0138CVE-2014-0138

Affected configuration(s):

cpe:/a:haxx:curl:7.10.6
cpe:/a:haxx:curl:7.10.7
cpe:/a:haxx:curl:7.10.8
cpe:/a:haxx:curl:7.11.0
cpe:/a:haxx:curl:7.11.1
cpe:/a:haxx:curl:7.11.2
cpe:/a:haxx:curl:7.12.0
cpe:/a:haxx:curl:7.12.1
cpe:/a:haxx:curl:7.12.2
cpe:/a:haxx:curl:7.12.3
cpe:/a:haxx:curl:7.13.0
cpe:/a:haxx:curl:7.13.1
cpe:/a:haxx:curl:7.13.2
cpe:/a:haxx:curl:7.14.0
cpe:/a:haxx:curl:7.14.1
cpe:/a:haxx:curl:7.15.0
cpe:/a:haxx:curl:7.15.1
cpe:/a:haxx:curl:7.15.2
cpe:/a:haxx:curl:7.15.3
cpe:/a:haxx:curl:7.15.4
cpe:/a:haxx:curl:7.15.5
cpe:/a:haxx:curl:7.16.0
cpe:/a:haxx:curl:7.16.1
cpe:/a:haxx:curl:7.16.2
cpe:/a:haxx:curl:7.16.3
cpe:/a:haxx:curl:7.16.4
cpe:/a:haxx:curl:7.17.0
cpe:/a:haxx:curl:7.17.1
cpe:/a:haxx:curl:7.18.0
cpe:/a:haxx:curl:7.18.1
cpe:/a:haxx:curl:7.18.2
cpe:/a:haxx:curl:7.19.0
cpe:/a:haxx:curl:7.19.1
cpe:/a:haxx:curl:7.19.2
cpe:/a:haxx:curl:7.19.3
cpe:/a:haxx:curl:7.19.4
cpe:/a:haxx:curl:7.19.5
cpe:/a:haxx:curl:7.19.6
cpe:/a:haxx:curl:7.19.7
cpe:/a:haxx:curl:7.20.0
cpe:/a:haxx:curl:7.20.1
cpe:/a:haxx:curl:7.21.0
cpe:/a:haxx:curl:7.21.1
cpe:/a:haxx:curl:7.21.2
cpe:/a:haxx:curl:7.21.3
cpe:/a:haxx:curl:7.21.4
cpe:/a:haxx:curl:7.21.5
cpe:/a:haxx:curl:7.21.6
cpe:/a:haxx:curl:7.21.7
cpe:/a:haxx:curl:7.22.0
cpe:/a:haxx:curl:7.23.0
cpe:/a:haxx:curl:7.23.1
cpe:/a:haxx:curl:7.24.0
cpe:/a:haxx:curl:7.25.0
cpe:/a:haxx:curl:7.26.0
cpe:/a:haxx:curl:7.27.0
cpe:/a:haxx:curl:7.28.0
cpe:/a:haxx:curl:7.28.1
cpe:/a:haxx:curl:7.29.0
cpe:/a:haxx:curl:7.30.0
cpe:/a:haxx:curl:7.31.0
cpe:/a:haxx:curl:7.32.0
cpe:/a:haxx:curl:7.33.0
cpe:/a:haxx:curl:7.34.0
cpe:/a:haxx:curl:7.35.0
cpe:/a:haxx:libcurl:7.10.6
cpe:/a:haxx:libcurl:7.10.7
cpe:/a:haxx:libcurl:7.10.8
cpe:/a:haxx:libcurl:7.11.0
cpe:/a:haxx:libcurl:7.11.1
cpe:/a:haxx:libcurl:7.11.2
cpe:/a:haxx:libcurl:7.12.0
cpe:/a:haxx:libcurl:7.12.1
cpe:/a:haxx:libcurl:7.12.2
cpe:/a:haxx:libcurl:7.12.3
cpe:/a:haxx:libcurl:7.13.0
cpe:/a:haxx:libcurl:7.13.1
cpe:/a:haxx:libcurl:7.13.2
cpe:/a:haxx:libcurl:7.14.0
cpe:/a:haxx:libcurl:7.14.1
cpe:/a:haxx:libcurl:7.15.0
cpe:/a:haxx:libcurl:7.15.1
cpe:/a:haxx:libcurl:7.15.2
cpe:/a:haxx:libcurl:7.15.3
cpe:/a:haxx:libcurl:7.15.4
cpe:/a:haxx:libcurl:7.15.5
cpe:/a:haxx:libcurl:7.16.0
cpe:/a:haxx:libcurl:7.16.1
cpe:/a:haxx:libcurl:7.16.2
cpe:/a:haxx:libcurl:7.16.3
cpe:/a:haxx:libcurl:7.16.4
cpe:/a:haxx:libcurl:7.17.0
cpe:/a:haxx:libcurl:7.17.1
cpe:/a:haxx:libcurl:7.18.0
cpe:/a:haxx:libcurl:7.18.1
cpe:/a:haxx:libcurl:7.18.2
cpe:/a:haxx:libcurl:7.19.0
cpe:/a:haxx:libcurl:7.19.1
cpe:/a:haxx:libcurl:7.19.2
cpe:/a:haxx:libcurl:7.19.3
cpe:/a:haxx:libcurl:7.19.4
cpe:/a:haxx:libcurl:7.19.5
cpe:/a:haxx:libcurl:7.19.6
cpe:/a:haxx:libcurl:7.19.7
cpe:/a:haxx:libcurl:7.20.0
cpe:/a:haxx:libcurl:7.20.1
cpe:/a:haxx:libcurl:7.21.0
cpe:/a:haxx:libcurl:7.21.1
cpe:/a:haxx:libcurl:7.21.2
cpe:/a:haxx:libcurl:7.21.3
cpe:/a:haxx:libcurl:7.21.4
cpe:/a:haxx:libcurl:7.21.5
cpe:/a:haxx:libcurl:7.21.6
cpe:/a:haxx:libcurl:7.21.7
cpe:/a:haxx:libcurl:7.22.0
cpe:/a:haxx:libcurl:7.23.0
cpe:/a:haxx:libcurl:7.23.1
cpe:/a:haxx:libcurl:7.24.0
cpe:/a:haxx:libcurl:7.25.0
cpe:/a:haxx:libcurl:7.26.0
cpe:/a:haxx:libcurl:7.27.0
cpe:/a:haxx:libcurl:7.28.0
cpe:/a:haxx:libcurl:7.28.1
cpe:/a:haxx:libcurl:7.29.0
cpe:/a:haxx:libcurl:7.30.0
cpe:/a:haxx:libcurl:7.31.0
cpe:/a:haxx:libcurl:7.32.0
cpe:/a:haxx:libcurl:7.33.0
cpe:/a:haxx:libcurl:7.34.0
cpe:/a:haxx:libcurl:7.35.0
cpe:/o:debian:debian_linux:7.0

Date published: 2014-04-15T10:55:04.107-04:00

Date last modified: 2017-12-15T21:29:03.230-05:00

CVSS Score: 6.4

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://curl.haxx.se/docs/adv_20140326A.html

Summary: The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.