Lucene search
+L

451 matches found

RedHat Linux
RedHat Linux
added 2014/05/27 4:25 p.m.29 views

curl: wrong re-use of connections in libcurl

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses 1 SCP, 2 SFTP, 3 POP3, 4 POP3S, 5 IMAP, 6 IMAPS, 7 SMTP, 8 SMTPS, 9 LDAP, and 10 LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015...

6.4CVSS6.6AI score0.0508EPSS
Exploits0References5
OSV
OSV
added 2014/04/15 3:50 p.m.8 views

SUSE-SU-2015:0962-1 Security update for curl

This curl update fixes the following security issues: bnc868627: wrong re-use of connections CVE-2014-0138. bnc868629: IP address wildcard certificate validation CVE-2014-0139. bnc870444: --insecure option inappropriately enforcing security safeguard. Security Issue references: CVE-2014-0138...

6.8CVSS5.7AI score0.17942EPSS
Exploits3References19
curl security advisories
curl security advisories
added 2014/03/26 8:0 a.m.9 views

wrong reuse of connections

libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.4CVSS6.9AI score0.0508EPSS
Exploits0Affected Software2
OSV
OSV
added 2014/03/26 8:0 a.m.13 views

CURL-CVE-2014-0138 wrong reuse of connections

libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.4CVSS6.8AI score0.0508EPSS
Exploits0
NVD
NVD
added 2014/02/02 12:55 a.m.18 views

CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...

4CVSS7.3AI score0.05599EPSS
Exploits1References25
curl security advisories
curl security advisories
added 2014/01/29 8:0 a.m.13 views

reuse of wrong HTTP NTLM connection

libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...

4CVSS6.9AI score0.05599EPSS
Exploits1Affected Software2
OSV
OSV
added 2014/01/29 8:0 a.m.15 views

CURL-CVE-2014-0015 reuse of wrong HTTP NTLM connection

libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...

4CVSS6.7AI score0.05599EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.24 views

Scientific Linux Security Update : curl on SL5.x i386/x86_64

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...

6.8CVSS7.4AI score0.04408EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2008/01/14 12:0 a.m.35 views

Ubuntu 7.04 / 7.10 : dovecot vulnerability (USN-567-1)

It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable. Note that Tenable...

6.8CVSS5.4AI score0.01959EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2008/01/10 6:21 p.m.53 views

USN-567-1: Dovecot vulnerability

It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable...

6.8CVSS5.3AI score0.01959EPSS
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.52 views

msie4-persistent-connect.txt

Date: Fri, 22 Jan 1999 14:15:32 -0600 From: Joel Moses To: [email protected] Subject: IE4 Persistent Connection Bug Hi, everyone. Working with MCI/WorldCom, we've identified a problem with IE 4 which may or may not have security implications, but is definately naughty behavior, in our opinions...

7.4AI score
Exploits0
Rows per page
Query Builder