CVE-2014-0015
EPSS 1.3%curl - information disclosure
發布日:2014/2/2修改日:2026/4/28
描述
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
受影響套件(2)
- Debian/curlfrom 0, < 7.35.0-1
- Debian/curlfrom 0, < 7.21.0-2.1+squeeze7