CVE-2015-3148

EPSS 1.4%

Published: 4/24/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3148

Description

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Affected packages (1)

Debian/curlfrom 0, < 7.42.0-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3148