83 matches found
bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CURL-CVE-2026-1965 bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
PT-2026-24661
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description libcurl may reuse an incorrect connection when handling Negotiate-authenticated HTTP or HTTPS requests. This occurs because libcurl maintains a pool of recent connections to avoid overhead. A...
Linux Distros Unpatched Vulnerability : CVE-2026-1965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recen...
cups has Authentication bypass with AuthType Negotiate
...
K35453761: cURL and libcurl vulnerability CVE-2017-2628
Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RH...
F5 Networks BIG-IP : cURL and libcurl vulnerability (K35453761)
cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6...
January 7, 2020, update for Office 2016 (KB4464586)
None None...
Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)
Summary Multiple security vulnerabilities have been discovered in curl that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security...
Security Bulletin: Vulnerabilities in curl affect IBM Security Network Protection
Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Protection. Vulnerability Details CVEID:...
RedHat Update for curl RHSA-2017:0847-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: curl security update
An update for curl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)
It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server...
curl security update
7.19.7-53 - treat Negotiate authentication as connection-oriented CVE-2017-2628...
curl: Negotiate not treated as connection-oriented
It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could ...
[ MDVSA-2015:220 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:220 http://www.mandriva.com/en/support/security/ Package : curl Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerabilities: NTLM-authenticated...
Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...
Debian DLA-211-1 : curl security update
Several vulnerabilities were discovered in cURL, an URL transfer library : CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to t...
curl: multiple issues
CVE-2015-3143 re-using authenticated connection when unauthenticated: libcurl keeps a pool of its last few connections around after use to fascilitate easy, conventient and completely transparent connection re-use for applications. When doing HTTP requests NTLM authenticated, the entire...
Debian DSA-3232-1 : curl - security update
Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to...