CVE-2015-3143

EPSS 4.7%

curl - security update

Published: 4/24/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3143

Description

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

Affected packages (3)

Debian/curlfrom 0, < 7.42.0-1
Debian/curlfrom 0, < 7.21.0-2.1+squeeze12
Debian/curlfrom 0, < 7.26.0-1+wheezy13

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3143