Lucene search
AmazonALAS-2014-322HistoryApr 10, 2014 - 11:54 p.m.
Medium: curl
2014-04-1023:54:00
alas.aws.amazon.com
8
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.008 Low
EPSS
Percentile
80.8%
Issue Overview:
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Affected Packages:
curl
Issue Correction:
Run yum update curl to update your system.
New Packages:
i686:
curl-7.36.0-2.44.amzn1.i686
libcurl-devel-7.36.0-2.44.amzn1.i686
curl-debuginfo-7.36.0-2.44.amzn1.i686
libcurl-7.36.0-2.44.amzn1.i686
src:
curl-7.36.0-2.44.amzn1.src
x86_64:
curl-debuginfo-7.36.0-2.44.amzn1.x86_64
curl-7.36.0-2.44.amzn1.x86_64
libcurl-7.36.0-2.44.amzn1.x86_64
libcurl-devel-7.36.0-2.44.amzn1.x86_64
Additional References
Red Hat: CVE-2014-0138
Mitre: CVE-2014-0138
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | curl | < 7.36.0-2.44.amzn1 | curl-7.36.0-2.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libcurl-devel | < 7.36.0-2.44.amzn1 | libcurl-devel-7.36.0-2.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | curl-debuginfo | < 7.36.0-2.44.amzn1 | curl-debuginfo-7.36.0-2.44.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libcurl | < 7.36.0-2.44.amzn1 | libcurl-7.36.0-2.44.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | curl-debuginfo | < 7.36.0-2.44.amzn1 | curl-debuginfo-7.36.0-2.44.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | curl | < 7.36.0-2.44.amzn1 | curl-7.36.0-2.44.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libcurl | < 7.36.0-2.44.amzn1 | libcurl-7.36.0-2.44.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libcurl-devel | < 7.36.0-2.44.amzn1 | libcurl-devel-7.36.0-2.44.amzn1.x86_64.rpm |
Related
nessus
nessus
Amazon Linux AMI : curl (ALAS-2014-322)
2014-04-23 00:00:00
Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20140527)
2014-05-28 00:00:00
Oracle Linux 6 : curl (ELSA-2014-0561)
2014-05-28 00:00:00
osv
osv
CVE-2014-0138
2014-04-15 14:55:00
curl - security update
2014-04-13 00:00:00
redhat
redhat
(RHSA-2014:0561) Moderate: curl security and bug fix update
2014-05-27 00:00:00
(RHSA-2014:0629) Important: rhev-hypervisor6 security update
2014-06-05 00:00:00
centos
centos
curl, libcurl security update
2014-05-28 12:52:04
openvas
openvas
Fedora Update for curl FEDORA-2014-4436
2014-04-03 00:00:00
Oracle Linux Local Check: ELSA-2014-0561
2015-10-06 00:00:00
Fedora Update for curl FEDORA-2014-4436
2014-04-03 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
oraclelinux
oraclelinux
curl security and bug fix update
2014-05-27 00:00:00
prion
prion
Default configuration
2014-04-15 14:55:00
Cross site request forgery (csrf)
2014-02-02 00:55:00
Cross site request forgery (csrf)
2015-04-24 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: curl-7.32.0-8.fc20
2014-03-31 02:15:35
[SECURITY] Fedora 19 Update: curl-7.29.0-17.fc19
2014-03-31 02:12:04
[SECURITY] Fedora 20 Update: curl-7.32.0-4.fc20
2014-02-03 02:46:56
alpinelinux
alpinelinux
CVE-2014-0138
2014-04-15 14:55:00
cve
cve
f5
f5
K15862 : Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
K16704 : cURL and libcurl vulnerability CVE-2015-3143
2015-05-29 00:00:00
mageia
mageia
Updated curl packages fix multiple vulnerabilities
2014-04-03 04:56:35
ibm
ibm
Security Bulletin: IBM ToolsCenter is affected by several cURL potential vulnerabilities (CVE-2014-0015, CVE-2014-0139, CVE-2014-0138, CVE-2014-2522)
2019-01-31 01:25:01
slackware
slackware
curl
2014-02-13 16:38:20
[slackware-security] curl
2014-03-28 22:53:36
amazon
amazon
Medium: curl
2014-02-26 16:51:00
Low: curl
2016-02-09 13:30:00
debian
debian
[SECURITY] [DSA 2849-1] curl security update
2014-01-31 07:47:19
[SECURITY] [DSA 2902-1] curl security update
2014-04-13 08:26:48
[SECURITY] [DSA 2902-1] curl security update
2014-04-13 08:26:48
securityvulns
securityvulns
[SECURITY] [DSA 2849-1] curl security update
2014-02-01 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
curl multiple security vulnerabilities
2014-04-01 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 08:51:58
Insecure Defaults
2018-08-14 06:19:27
ubuntu
ubuntu
curl vulnerability
2014-02-03 00:00:00
curl vulnerabilities
2014-04-14 00:00:00
seebug
seebug
cURL/libcURL NTLM连接远程安全限制绕过漏洞
2014-02-24 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-06-22 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
archlinux
archlinux
curl: multiple issues
2015-04-24 00:00:00
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.008 Low
EPSS
Percentile
80.8%
Related for ALAS-2014-322