CVE-2015-3143
EPSS 4.7%curl - security update
發布日:2015/4/24修改日:2026/4/28
描述
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
受影響套件(3)
- Debian/curlfrom 0, < 7.42.0-1
- Debian/curlfrom 0, < 7.21.0-2.1+squeeze12
- Debian/curlfrom 0, < 7.26.0-1+wheezy13