CVE-2015-3148

EPSS 1.4%

發布日:2015/4/24修改日:2026/4/28

描述

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

受影響套件(1)

Debian/curlfrom 0, < 7.42.0-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3148