Lucene search

[email protected]NVD:CVE-2014-0015

HistoryFeb 02, 2014 - 12:55 a.m.

CVE-2014-0015

2014-02-0200:55:05

CWE-287

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

7.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

Affected configurations

NVD

Node

haxxlibcurlMatch7.10.6

haxxlibcurlMatch7.10.7

haxxlibcurlMatch7.10.8

haxxlibcurlMatch7.11.0

haxxlibcurlMatch7.11.1

haxxlibcurlMatch7.11.2

haxxlibcurlMatch7.12.0

haxxlibcurlMatch7.12.1

haxxlibcurlMatch7.12.2

haxxlibcurlMatch7.12.3

haxxlibcurlMatch7.13.0

haxxlibcurlMatch7.13.1

haxxlibcurlMatch7.13.2

haxxlibcurlMatch7.14.0

haxxlibcurlMatch7.14.1

haxxlibcurlMatch7.15.0

haxxlibcurlMatch7.15.1

haxxlibcurlMatch7.15.2

haxxlibcurlMatch7.15.3

haxxlibcurlMatch7.15.4

haxxlibcurlMatch7.15.5

haxxlibcurlMatch7.16.0

haxxlibcurlMatch7.16.1

haxxlibcurlMatch7.16.2

haxxlibcurlMatch7.16.3

haxxlibcurlMatch7.16.4

haxxlibcurlMatch7.17.0

haxxlibcurlMatch7.17.1

haxxlibcurlMatch7.18.0

haxxlibcurlMatch7.18.1

haxxlibcurlMatch7.18.2

haxxlibcurlMatch7.19.0

haxxlibcurlMatch7.19.1

haxxlibcurlMatch7.19.2

haxxlibcurlMatch7.19.3

haxxlibcurlMatch7.19.4

haxxlibcurlMatch7.19.5

haxxlibcurlMatch7.19.6

haxxlibcurlMatch7.19.7

haxxlibcurlMatch7.20.0

haxxlibcurlMatch7.20.1

haxxlibcurlMatch7.21.0

haxxlibcurlMatch7.21.1

haxxlibcurlMatch7.21.2

haxxlibcurlMatch7.21.3

haxxlibcurlMatch7.21.4

haxxlibcurlMatch7.21.5

haxxlibcurlMatch7.21.6

haxxlibcurlMatch7.21.7

haxxlibcurlMatch7.22.0

haxxlibcurlMatch7.23.0

haxxlibcurlMatch7.23.1

haxxlibcurlMatch7.24.0

haxxlibcurlMatch7.25.0

haxxlibcurlMatch7.26.0

haxxlibcurlMatch7.27.0

haxxlibcurlMatch7.28.0

haxxlibcurlMatch7.28.1

haxxlibcurlMatch7.29.0

haxxlibcurlMatch7.30.0

haxxlibcurlMatch7.31.0

haxxlibcurlMatch7.32.0

haxxlibcurlMatch7.33.0

haxxlibcurlMatch7.34.0

Node

haxxcurlMatch7.10.6

haxxcurlMatch7.10.7

haxxcurlMatch7.10.8

haxxcurlMatch7.11.0

haxxcurlMatch7.11.1

haxxcurlMatch7.11.2

haxxcurlMatch7.12.0

haxxcurlMatch7.12.1

haxxcurlMatch7.12.2

haxxcurlMatch7.12.3

haxxcurlMatch7.13.0

haxxcurlMatch7.13.1

haxxcurlMatch7.13.2

haxxcurlMatch7.14.0

haxxcurlMatch7.14.1

haxxcurlMatch7.15.0

haxxcurlMatch7.15.1

haxxcurlMatch7.15.2

haxxcurlMatch7.15.3

haxxcurlMatch7.15.4

haxxcurlMatch7.15.5

haxxcurlMatch7.16.0

haxxcurlMatch7.16.1

haxxcurlMatch7.16.2

haxxcurlMatch7.16.3

haxxcurlMatch7.16.4

haxxcurlMatch7.17.0

haxxcurlMatch7.17.1

haxxcurlMatch7.18.0

haxxcurlMatch7.18.1

haxxcurlMatch7.18.2

haxxcurlMatch7.19.0

haxxcurlMatch7.19.1

haxxcurlMatch7.19.2

haxxcurlMatch7.19.3

haxxcurlMatch7.19.4

haxxcurlMatch7.19.5

haxxcurlMatch7.19.6

haxxcurlMatch7.19.7

haxxcurlMatch7.20.0

haxxcurlMatch7.20.1

haxxcurlMatch7.21.0

haxxcurlMatch7.21.1

haxxcurlMatch7.21.2

haxxcurlMatch7.21.3

haxxcurlMatch7.21.4

haxxcurlMatch7.21.5

haxxcurlMatch7.21.6

haxxcurlMatch7.21.7

haxxcurlMatch7.22.0

haxxcurlMatch7.23.0

haxxcurlMatch7.23.1

haxxcurlMatch7.24.0

haxxcurlMatch7.25.0

haxxcurlMatch7.26.0

haxxcurlMatch7.27.0

haxxcurlMatch7.28.0

haxxcurlMatch7.28.1

haxxcurlMatch7.29.0

haxxcurlMatch7.30.0

haxxcurlMatch7.31.0

haxxcurlMatch7.32.0

haxxcurlMatch7.33.0

haxxcurlMatch7.34.0

References

archives.neohapsis.com/archives/bugtraq/2014-06/0172.html

curl.haxx.se/docs/adv_20140129.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html

lists.opensuse.org/opensuse-updates/2014-02/msg00066.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/56728

secunia.com/advisories/56731

secunia.com/advisories/56734

secunia.com/advisories/56912

secunia.com/advisories/59458

secunia.com/advisories/59475

support.apple.com/kb/HT6296

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862

www.debian.org/security/2014/dsa-2849

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65270

www.securitytracker.com/id/1029710

www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.502652

www.ubuntu.com/usn/USN-2097-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

7.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for NVD:CVE-2014-0015