Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2014-0015
StatusCandidate
DescriptioncURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Severity
Medium
CVSS score4
CVSS vector(AV:N/AC:H/Au:N/C:P/I:P/A:N)
PhaseAssigned (16.07.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0015
ReferencesSECTRACK : 1029710
 SECUNIA : 56728
 SECUNIA : 56731
 SECUNIA : 56734
 BID : 65270
 DEBIAN : DSA-2849
 FEDORA : FEDORA-2014-1864
 FEDORA : FEDORA-2014-1876
 CONFIRM : http://curl.haxx.se/docs/adv_20140129.html
 SUSE : openSUSE-SU-2014:0274
 SLACKWARE : SSA:2014-044-01
 UBUNTU : USN-2097-1
SecurityVulns:cURL security vulnerabilitiies
 Apple Mac OS X multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod