Lucene search

PRIOn knowledge basePRION:CVE-2015-3236

HistoryJun 22, 2015 - 7:59 p.m.

Design/Logic Flaw

2015-06-2219:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.3%

JSON

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.

CPENameOperatorVersion
curleq7.40.0
curleq7.42.0
curleq7.42.1
curleq7.41.0
libcurleq7.40.0
libcurleq7.42.1
libcurleq7.41.0
libcurleq7.42.0

Name	Operator	Version
curl	eq	7.40.0
curl	eq	7.42.0
curl	eq	7.42.1
curl	eq	7.41.0
libcurl	eq	7.40.0
libcurl	eq	7.42.1
libcurl	eq	7.41.0
libcurl	eq	7.42.0

References

curl.haxx.se/docs/adv_20150617A.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/75385

www.securityfocus.com/bid/91787

kc.mcafee.com/corporate/index?page=content&id=SB10131

lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html

security.gentoo.org/glsa/201509-02

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for PRION:CVE-2015-3236