Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K15862
HistoryNov 25, 2014 - 12:00 a.m.

K15862 : Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139

2014-11-2500:00:00
my.f5.com
6

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

79.0%

JSON

Security Advisory Description

CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

CVE-2014-0138

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

CVE-2014-0139

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject’s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Impact

These vulnerabilities may allow unauthorized disclosure of information and unauthorized modification, when the local cURL utility is used on a vulnerable system.

Related

mageia 2
openvas 54
nessus 47
f5 3
ibm 11
gentoo 1
ubuntu 2
debian 3
osv 3
oraclelinux 1
amazon 3
ubuntucve 5
debiancve 5
redhat 2
centos 1
fedora 15
prion 5
alpinelinux 2
cve 5
securityvulns 8
slackware 2
veracode 3
seebug 1
vmware 2
archlinux 1
hackerone 1
ics 1
rosalinux 1
oracle 2
mageia
mageia
Updated curl packages fix multiple vulnerabilities
2014-04-03 04:56:35
Updated lftp packages fix CVE-2014-0139
2015-04-24 00:14:25
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0153)
2022-01-28 00:00:00
Debian Security Advisory DSA 2902-1 (curl - security update)
2014-04-13 00:00:00
Ubuntu: Security Advisory (USN-2167-1)
2014-04-15 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : curl (MDVSA-2014:110)
2014-06-10 00:00:00
SuSE 11.3 Security Update : curl (SAT Patch Number 9133)
2014-05-21 00:00:00
Debian DSA-2902-1 : curl - security update
2014-04-14 00:00:00
f5
f5
SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139
2014-11-25 00:00:00
K16704 : cURL and libcurl vulnerability CVE-2015-3143
2015-05-29 00:00:00
SOL16704 - cURL and libcurl vulnerability CVE-2015-3143
2015-05-29 00:00:00
ibm
ibm
Security Bulletin: IBM ToolsCenter is affected by several cURL potential vulnerabilities (CVE-2014-0015, CVE-2014-0139, CVE-2014-0138, CVE-2014-2522)
2019-01-31 01:25:01
Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-138, CVE-2014-0139)
2019-01-31 01:35:01
Security Bulletin: Vulnerabilities in cURL affect System x Integrated Management Module (IMM) (CVE-2013-2174, CVE-2014-0015, CVE-2014-0138, CVE-2014-0139)
2019-01-31 01:35:01
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-06-22 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2014-04-14 00:00:00
curl vulnerability
2014-02-03 00:00:00
debian
debian
[SECURITY] [DSA 2902-1] curl security update
2014-04-13 08:26:48
[SECURITY] [DSA 2902-1] curl security update
2014-04-13 08:26:48
[SECURITY] [DSA 2849-1] curl security update
2014-01-31 07:47:19
osv
osv
curl - security update
2014-04-13 00:00:00
CVE-2014-0138
2014-04-15 14:55:00
CVE-2014-0139
2014-04-15 14:55:00
oraclelinux
oraclelinux
curl security and bug fix update
2014-05-27 00:00:00
amazon
amazon
Medium: curl
2014-04-10 23:54:00
Medium: curl
2014-02-26 16:51:00
Low: curl
2016-02-09 13:30:00
ubuntucve
ubuntucve
CVE-2014-0138
2014-03-27 00:00:00
CVE-2014-0139
2014-03-27 00:00:00
CVE-2014-0015
2014-01-31 00:00:00
debiancve
debiancve
CVE-2014-0138
2014-04-15 14:55:00
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-0015
2014-02-02 00:55:00
redhat
redhat
(RHSA-2014:0561) Moderate: curl security and bug fix update
2014-05-27 00:00:00
(RHSA-2014:0629) Important: rhev-hypervisor6 security update
2014-06-05 00:00:00
centos
centos
curl, libcurl security update
2014-05-28 12:52:04
fedora
fedora
[SECURITY] Fedora 20 Update: curl-7.32.0-8.fc20
2014-03-31 02:15:35
[SECURITY] Fedora 20 Update: mingw-curl-7.37.0-1.fc20
2014-06-10 02:52:24
[SECURITY] Fedora 19 Update: mingw-curl-7.37.0-1.fc19
2014-06-10 03:11:23
prion
prion
Default configuration
2014-04-15 14:55:00
Design/Logic Flaw
2014-04-15 14:55:00
Cross site request forgery (csrf)
2014-02-02 00:55:00
alpinelinux
alpinelinux
CVE-2014-0138
2014-04-15 14:55:00
CVE-2014-0139
2014-04-15 14:55:00
cve
cve
CVE-2014-0138
2014-04-15 14:55:00
CVE-2014-0139
2014-04-15 14:55:00
CVE-2014-0015
2014-02-02 00:55:00
securityvulns
securityvulns
curl multiple security vulnerabilities
2014-04-01 00:00:00
[slackware-security] curl (SSA:2014-086-01)
2014-04-01 00:00:00
[SECURITY] [DSA 2849-1] curl security update
2014-02-01 00:00:00
slackware
slackware
[slackware-security] curl
2014-03-28 22:53:36
curl
2014-02-13 16:38:20
veracode
veracode
Man-in-the-Middle (MitM)
2019-06-10 05:39:48
Authentication Bypass
2019-01-15 08:51:58
Insecure Defaults
2018-08-14 06:19:27
seebug
seebug
cURL/libcURL NTLM连接远程安全限制绕过漏洞
2014-02-24 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
archlinux
archlinux
curl: multiple issues
2015-04-24 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

79.0%

JSON
Related for F5:K15862
mageia2openvas54nessus47f53ibm11gentoo1ubuntu2debian3osv3oraclelinux1amazon3ubuntucve5debiancve5redhat2centos1fedora15prion5alpinelinux2cve5securityvulns8slackware2veracode3seebug1vmware2archlinux1hackerone1ics1rosalinux1oracle2