Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2015-3143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated...

5CVSS6.4AI score0.16222EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:19 p.m.43 views

K16704: cURL and libcurl vulnerability CVE-2015-3143

Security Advisory Description cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 Impact Remote attackers may be able to reuse NTLM...

5CVSS6.7AI score0.16222EPSS
Exploits0Affected Software20
Veracode
Veracode
added 2018/08/13 3:10 a.m.30 views

Reusable NTLM Connections

libcurl.so is vulnerable to reusable NTLM connections. The vulnerability exists due to the improper checks of the NTLM state when checking if a connection exists, allowing reusable NTLM connections...

5CVSS8.3AI score0.16222EPSS
Exploits0References25Affected Software2
Kitploit
Kitploit
added 2018/01/21 9:11 p.m.26 views

Ketshash - A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs

A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs. The tool was published as part of the "Pass-The-Hash detection" research - more details on "Pass-The-Hash detection" are in the blog post:...

7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/05/19 12:0 a.m.58 views

Ubuntu 14.04 LTS : OpenJDK 7 regression (USN-3275-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3275-3 advisory. USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
added 2017/05/18 9:39 p.m.88 views

USN-3275-3: OpenJDK 7 regression

USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in...

6.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/05/16 12:0 a.m.60 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3275-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-2 advisory. USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Tenable has extracted the preceding...

7.7CVSS6.8AI score0.03311EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2017/05/12 12:0 a.m.79 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3275-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3275-1 advisory. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java...

7.7CVSS6.9AI score0.03311EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2017/04/06 12:0 a.m.76 views

F5 Networks BIG-IP : cURL and libcurl vulnerability (K16704)

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. CVE-2015-3143 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

5CVSS6.5AI score0.16222EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.26 views

Amazon Linux: Security Advisory (ALAS-2014-295)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4CVSS6.7AI score0.05599EPSS
Exploits1References2
Prion
Prion
added 2014/02/02 12:55 a.m.27 views

Cross site request forgery (csrf)

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request...

4CVSS6.8AI score0.05599EPSS
Exploits1References25Affected Software2
Tenable Nessus
Tenable Nessus
added 2014/02/02 12:0 a.m.56 views

SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8796 / 8797)

This update fixes the re-use of wrong HTTP NTLM connections in libcurl. CVE-2014-0015 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc...

4CVSS6.4AI score0.05599EPSS
Exploits1References3
Rows per page
Query Builder