Lucene search

[email protected]NVD:CVE-2015-3148

HistoryApr 24, 2015 - 2:59 p.m.

CVE-2015-3148

2015-04-2414:59:11

CWE-284

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

9.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.6%

JSON

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

debiandebian_linuxMatch7.0

Node

applemac_os_xMatch10.10.0

applemac_os_xMatch10.10.1

applemac_os_xMatch10.10.2

applemac_os_xMatch10.10.3

applemac_os_xMatch10.10.4

Node

haxxlibcurlMatch7.10.6

haxxlibcurlMatch7.10.7

haxxlibcurlMatch7.10.8

haxxlibcurlMatch7.11.0

haxxlibcurlMatch7.11.1

haxxlibcurlMatch7.11.2

haxxlibcurlMatch7.12.0

haxxlibcurlMatch7.12.1

haxxlibcurlMatch7.12.2

haxxlibcurlMatch7.12.3

haxxlibcurlMatch7.13.0

haxxlibcurlMatch7.13.1

haxxlibcurlMatch7.13.2

haxxlibcurlMatch7.14.0

haxxlibcurlMatch7.14.1

haxxlibcurlMatch7.15.0

haxxlibcurlMatch7.15.1

haxxlibcurlMatch7.15.2

haxxlibcurlMatch7.15.3

haxxlibcurlMatch7.15.4

haxxlibcurlMatch7.15.5

haxxlibcurlMatch7.16.0

haxxlibcurlMatch7.16.1

haxxlibcurlMatch7.16.2

haxxlibcurlMatch7.16.3

haxxlibcurlMatch7.16.4

haxxlibcurlMatch7.17.0

haxxlibcurlMatch7.17.1

haxxlibcurlMatch7.18.0

haxxlibcurlMatch7.18.1

haxxlibcurlMatch7.18.2

haxxlibcurlMatch7.19.0

haxxlibcurlMatch7.19.1

haxxlibcurlMatch7.19.2

haxxlibcurlMatch7.19.3

haxxlibcurlMatch7.19.4

haxxlibcurlMatch7.19.5

haxxlibcurlMatch7.19.6

haxxlibcurlMatch7.19.7

haxxlibcurlMatch7.20.0

haxxlibcurlMatch7.20.1

haxxlibcurlMatch7.21.0

haxxlibcurlMatch7.21.1

haxxlibcurlMatch7.21.2

haxxlibcurlMatch7.21.3

haxxlibcurlMatch7.21.4

haxxlibcurlMatch7.21.5

haxxlibcurlMatch7.21.6

haxxlibcurlMatch7.21.7

haxxlibcurlMatch7.22.0

haxxlibcurlMatch7.23.0

haxxlibcurlMatch7.23.1

haxxlibcurlMatch7.24.0

haxxlibcurlMatch7.25.0

haxxlibcurlMatch7.26.0

haxxlibcurlMatch7.27.0

haxxlibcurlMatch7.28.0

haxxlibcurlMatch7.28.1

haxxlibcurlMatch7.29.0

haxxlibcurlMatch7.30.0

haxxlibcurlMatch7.31.0

haxxlibcurlMatch7.32.0

haxxlibcurlMatch7.33.0

haxxlibcurlMatch7.34.0

haxxlibcurlMatch7.35.0

haxxlibcurlMatch7.36.0

haxxlibcurlMatch7.37.0

haxxlibcurlMatch7.37.1

haxxlibcurlMatch7.38.0

haxxlibcurlMatch7.39

haxxlibcurlMatch7.40.0

haxxlibcurlMatch7.41.0

Node

hpsystem_management_homepageRange≤7.5.3.1

Node

haxxcurlMatch7.10.6

haxxcurlMatch7.10.7

haxxcurlMatch7.10.8

haxxcurlMatch7.11.0

haxxcurlMatch7.11.1

haxxcurlMatch7.11.2

haxxcurlMatch7.12.0

haxxcurlMatch7.12.1

haxxcurlMatch7.12.2

haxxcurlMatch7.12.3

haxxcurlMatch7.13.0

haxxcurlMatch7.13.1

haxxcurlMatch7.13.2

haxxcurlMatch7.14.0

haxxcurlMatch7.14.1

haxxcurlMatch7.15.0

haxxcurlMatch7.15.1

haxxcurlMatch7.15.2

haxxcurlMatch7.15.3

haxxcurlMatch7.15.4

haxxcurlMatch7.15.5

haxxcurlMatch7.16.0

haxxcurlMatch7.16.1

haxxcurlMatch7.16.2

haxxcurlMatch7.16.3

haxxcurlMatch7.16.4

haxxcurlMatch7.17.0

haxxcurlMatch7.17.1

haxxcurlMatch7.18.0

haxxcurlMatch7.18.1

haxxcurlMatch7.18.2

haxxcurlMatch7.19.0

haxxcurlMatch7.19.1

haxxcurlMatch7.19.2

haxxcurlMatch7.19.3

haxxcurlMatch7.19.4

haxxcurlMatch7.19.5

haxxcurlMatch7.19.6

haxxcurlMatch7.19.7

haxxcurlMatch7.20.0

haxxcurlMatch7.20.1

haxxcurlMatch7.21.0

haxxcurlMatch7.21.1

haxxcurlMatch7.21.2

haxxcurlMatch7.21.3

haxxcurlMatch7.21.4

haxxcurlMatch7.21.5

haxxcurlMatch7.21.6

haxxcurlMatch7.21.7

haxxcurlMatch7.22.0

haxxcurlMatch7.23.0

haxxcurlMatch7.23.1

haxxcurlMatch7.24.0

haxxcurlMatch7.25.0

haxxcurlMatch7.26.0

haxxcurlMatch7.27.0

haxxcurlMatch7.28.0

haxxcurlMatch7.28.1

haxxcurlMatch7.29.0

haxxcurlMatch7.30.0

haxxcurlMatch7.31.0

haxxcurlMatch7.32.0

haxxcurlMatch7.33.0

haxxcurlMatch7.34.0

haxxcurlMatch7.35.0

haxxcurlMatch7.36.0

haxxcurlMatch7.37.0

haxxcurlMatch7.37.1

haxxcurlMatch7.38.0

haxxcurlMatch7.39.0

haxxcurlMatch7.40.0

haxxcurlMatch7.41.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

References

advisories.mageia.org/MGASA-2015-0179.html

curl.haxx.se/docs/adv_20150422B.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html

lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html

lists.opensuse.org/opensuse-updates/2015-04/msg00057.html

marc.info/?l=bugtraq&m=145612005512270&w=2

rhn.redhat.com/errata/RHSA-2015-1254.html

www.debian.org/security/2015/dsa-3232

www.mandriva.com/security/advisories?name=MDVSA-2015:219

www.mandriva.com/security/advisories?name=MDVSA-2015:220

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/74301

www.securitytracker.com/id/1032232

www.ubuntu.com/usn/USN-2591-1

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

security.gentoo.org/glsa/201509-02

support.apple.com/kb/HT205031

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

9.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.6%

JSON

Related for NVD:CVE-2015-3148