451 matches found
curl: wrong re-use of connections in libcurl
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses 1 SCP, 2 SFTP, 3 POP3, 4 POP3S, 5 IMAP, 6 IMAPS, 7 SMTP, 8 SMTPS, 9 LDAP, and 10 LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015...
SUSE-SU-2015:0962-1 Security update for curl
This curl update fixes the following security issues: bnc868627: wrong re-use of connections CVE-2014-0138. bnc868629: IP address wildcard certificate validation CVE-2014-0139. bnc870444: --insecure option inappropriately enforcing security safeguard. Security Issue references: CVE-2014-0138...
wrong reuse of connections
libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CURL-CVE-2014-0138 wrong reuse of connections
libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CVE-2014-0015
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...
reuse of wrong HTTP NTLM connection
libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...
CURL-CVE-2014-0015 reuse of wrong HTTP NTLM connection
libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...
Scientific Linux Security Update : curl on SL5.x i386/x86_64
Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...
Ubuntu 7.04 / 7.10 : dovecot vulnerability (USN-567-1)
It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable. Note that Tenable...
USN-567-1: Dovecot vulnerability
It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable...
msie4-persistent-connect.txt
Date: Fri, 22 Jan 1999 14:15:32 -0600 From: Joel Moses To: [email protected] Subject: IE4 Persistent Connection Bug Hi, everyone. Working with MCI/WorldCom, we've identified a problem with IE 4 which may or may not have security implications, but is definately naughty behavior, in our opinions...