5 matches found
K16707: cURL and libcurl vulnerability CVE-2015-3148
Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148 Impact Remote attackers may be able to re-use Negotiate connections as other user...
Oracle Linux 7 : curl (ELSA-2015-2159)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2159 advisory. - require credentials to match for NTLM re-use CVE-2015-3143 - close Negotiate connections when done CVE-2015-3148 - reject CRLFs in URLs passed to pro...
curl security, bug fix, and enhancement update
7.19.7-46 - require credentials to match for NTLM re-use CVE-2015-3143 - close Negotiate connections when done CVE-2015-3148 7.19.7-45 - reject CRLFs in URLs passed to proxy CVE-2014-8150 7.19.7-44 - use only full matches for hosts used as IP address in cookies CVE-2014-3613 - fix handling of...
Fedora 21 : curl-7.37.0-14.fc21 (2015-6728)
require credentials to match for NTLM re-use CVE-2015-3143 - fix invalid write with a zero-length host name in URL CVE-2015-3144 - fix invalid write in cookie path sanitization code CVE-2015-3145 - close Negotiate connections when done CVE-2015-3148 Note that Tenable Network Security has...
Fedora 22 : curl-7.40.0-3.fc22 (2015-6695)
require credentials to match for NTLM re-use CVE-2015-3143 - fix invalid write with a zero-length host name in URL CVE-2015-3144 - fix invalid write in cookie path sanitization code CVE-2015-3145 - close Negotiate connections when done CVE-2015-3148 Note that Tenable Network Security has...