CVE-2014-0015

EPSS 1.3%

curl - information disclosure

Published: 2/2/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-0015

Description

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

Affected packages (2)

Debian/curlfrom 0, < 7.35.0-1
Debian/curlfrom 0, < 7.21.0-2.1+squeeze7

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0015