{"fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-02-03T02:46:56", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-4.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2014-02-03T02:46:56", "id": "FEDORA:6B44B21398", "href": "", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-03-31T02:15:35", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-8.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-03-31T02:15:35", "id": "FEDORA:C865A22C22", "href": "", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-02-15T20:02:19", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: curl-7.29.0-13.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2174", "CVE-2014-0015"], "modified": "2014-02-15T20:02:19", "id": "FEDORA:6F40B21443", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-12-01T18:56:42", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-16.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-3620", "CVE-2014-3707"], "modified": "2014-12-01T18:56:42", "id": "FEDORA:BE1C160C37C1", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-11-10T06:44:02", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-15.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-3620", "CVE-2014-3707"], "modified": "2014-11-10T06:44:02", "id": "FEDORA:0B93B60FBEB9", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-03-31T02:12:04", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: curl-7.29.0-17.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2174", "CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-03-31T02:12:04", "id": "FEDORA:B385121C70", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-12-13T09:46:18", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-17.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-3620", "CVE-2014-3707"], "modified": "2014-12-13T09:46:18", "id": "FEDORA:E865D60CE84D", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-09-14T03:27:04", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-13.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-3613", "CVE-2014-3620"], "modified": "2014-09-14T03:27:04", "id": "FEDORA:BE43D21181", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2015-01-10T11:56:13", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-18.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-3620", "CVE-2014-8150"], "modified": "2015-01-10T11:56:13", "id": "FEDORA:767766087911", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2014-10-08T19:03:46", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: curl-7.29.0-23.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2174", "CVE-2014-0015", "CVE-2014-3613", "CVE-2014-3620"], "modified": "2014-10-08T19:03:46", "id": "FEDORA:929C221B10", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2015-01-03T18:59:30", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: curl-7.29.0-27.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2174", "CVE-2014-0015", "CVE-2014-3620", "CVE-2014-3707"], "modified": "2015-01-03T18:59:30", "id": "FEDORA:64C1160874EB", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. ", "edition": 2, "cvss3": {}, "published": "2015-04-28T13:01:33", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: curl-7.32.0-20.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-3620", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3145", "CVE-2015-3148"], "modified": "2015-04-28T13:01:33", "id": "FEDORA:A98556079D0B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:51:11", "description": "This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015)", "cvss3": {"score": null, "vector": null}, "published": "2014-02-02T00:00:00", "type": "nessus", "title": "SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8796 / 8797)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:curl", "p-cpe:/a:novell:suse_linux:11:libcurl4", "p-cpe:/a:novell:suse_linux:11:libcurl4-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CURL-140117.NASL", "href": "https://www.tenable.com/plugins/nessus/72242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72242);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0015\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8796 / 8797)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the re-use of wrong HTTP NTLM connections in\nlibcurl. (CVE-2014-0015)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8796 / 8797 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"curl-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"curl-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"curl-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"curl-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"curl-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libcurl4-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"curl-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"libcurl4-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"curl-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:22", "description": "- re-use of wrong HTTP NTLM connection in libcurl (CVE-2014-0015)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-17T00:00:00", "type": "nessus", "title": "Fedora 19 : curl-7.29.0-13.fc19 (2014-1864)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-1864.NASL", "href": "https://www.tenable.com/plugins/nessus/72516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-1864.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72516);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0015\");\n script_bugtraq_id(65270);\n script_xref(name:\"FEDORA\", value:\"2014-1864\");\n\n script_name(english:\"Fedora 19 : curl-7.29.0-13.fc19 (2014-1864)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - re-use of wrong HTTP NTLM connection in libcurl\n (CVE-2014-0015)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1053903\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?254aeb06\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"curl-7.29.0-13.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:22", "description": "Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-02T00:00:00", "type": "nessus", "title": "Debian DSA-2849-1 : curl - information disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:curl", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2849.NASL", "href": "https://www.tenable.com/plugins/nessus/72239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2849. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72239);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0015\");\n script_xref(name:\"DSA\", value:\"2849\");\n\n script_name(english:\"Debian DSA-2849-1 : curl - information disclosure\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paras Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/curl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2849\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the curl packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 7.21.0-2.1+squeeze7.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"curl\", reference:\"7.21.0-2.1+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3\", reference:\"7.21.0-2.1+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-dbg\", reference:\"7.21.0-2.1+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl3-gnutls\", reference:\"7.21.0-2.1+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.21.0-2.1+squeeze7\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.21.0-2.1+squeeze7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"curl\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-dbg\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-gnutls\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl3-nss\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-gnutls-dev\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-nss-dev\", reference:\"7.26.0-1+wheezy8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libcurl4-openssl-dev\", reference:\"7.26.0-1+wheezy8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:13", "description": "Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-04T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : curl vulnerability (USN-2097-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libcurl3", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls", "p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "UBUNTU_USN-2097-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2097-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72278);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0015\");\n script_bugtraq_id(65270);\n script_xref(name:\"USN\", value:\"2097-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : curl vulnerability (USN-2097-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly\nreused connections when NTLM authentication was being used. This could\nlead to the use of unintended credentials, possibly exposing sensitive\ninformation.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2097-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcurl3\", pkgver:\"7.19.7-1ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.19.7-1ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libcurl3\", pkgver:\"7.22.0-3ubuntu4.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.22.0-3ubuntu4.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libcurl3-nss\", pkgver:\"7.22.0-3ubuntu4.7\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libcurl3\", pkgver:\"7.27.0-1ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.27.0-1ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.27.0-1ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libcurl3\", pkgver:\"7.32.0-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libcurl3-gnutls\", pkgver:\"7.32.0-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libcurl3-nss\", pkgver:\"7.32.0-1ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcurl3 / libcurl3-gnutls / libcurl3-nss\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:43", "description": "This update fixes the following security issues with curl :\n\n - bnc#858673: re-use of wrong HTTP NTLM connection (CVE-2014-0015)\n\n - bnc#862144: fix test failure because of an expired cookie", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : curl (openSUSE-SU-2014:0267-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:curl", "p-cpe:/a:novell:opensuse:curl-debuginfo", "p-cpe:/a:novell:opensuse:curl-debugsource", "p-cpe:/a:novell:opensuse:libcurl-devel", "p-cpe:/a:novell:opensuse:libcurl4", "p-cpe:/a:novell:opensuse:libcurl4-32bit", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo", "p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-149.NASL", "href": "https://www.tenable.com/plugins/nessus/75261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-149.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75261);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0015\");\n\n script_name(english:\"openSUSE Security Update : curl (openSUSE-SU-2014:0267-1)\");\n script_summary(english:\"Check for the openSUSE-2014-149 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues with curl :\n\n - bnc#858673: re-use of wrong HTTP NTLM connection\n (CVE-2014-0015)\n\n - bnc#862144: fix test failure because of an expired\n cookie\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-02/msg00059.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:curl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libcurl4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"curl-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"curl-debuginfo-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"curl-debugsource-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcurl-devel-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcurl4-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libcurl4-debuginfo-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.28.1-4.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"curl-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"curl-debuginfo-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"curl-debugsource-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcurl-devel-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcurl4-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libcurl4-debuginfo-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libcurl4-32bit-7.32.0-2.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libcurl4-debuginfo-32bit-7.32.0-2.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / curl-debugsource / libcurl-devel / etc\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-16T02:00:57", "description": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-02T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2014-295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-295.NASL", "href": "https://www.tenable.com/plugins/nessus/72751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-295.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72751);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0015\");\n script_xref(name:\"ALAS\", value:\"2014-295\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2014-295)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"cURL and libcurl 7.10.6 through 7.34.0, when more than one\nauthentication method is enabled, re-uses NTLM connections, which\nmight allow context-dependent attackers to authenticate as other users\nvia a request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-295.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.35.0-2.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.35.0-2.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.35.0-2.42.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.35.0-2.42.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:11", "description": "- re-use of wrong HTTP NTLM connection in libcurl (CVE-2014-0015)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-03T00:00:00", "type": "nessus", "title": "Fedora 20 : curl-7.32.0-4.fc20 (2014-1876)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:curl", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-1876.NASL", "href": "https://www.tenable.com/plugins/nessus/72253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-1876.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72253);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0015\");\n script_bugtraq_id(65270);\n script_xref(name:\"FEDORA\", value:\"2014-1876\");\n\n script_name(english:\"Fedora 20 : curl-7.32.0-4.fc20 (2014-1876)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - re-use of wrong HTTP NTLM connection in libcurl\n (CVE-2014-0015)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1053903\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7d93fc1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"curl-7.32.0-4.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:04", "description": "New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-14T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2014-044-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:curl", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2014-044-01.NASL", "href": "https://www.tenable.com/plugins/nessus/72488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-044-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72488);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0015\");\n script_bugtraq_id(65270);\n script_xref(name:\"SSA\", value:\"2014-044-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2014-044-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New curl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.502652\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9abadc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"curl\", pkgver:\"7.35.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:51:22", "description": "This update fixes the re-use of wrong HTTP NTLM connections in libcurl. (CVE-2014-0015)", "cvss3": {"score": null, "vector": null}, "published": "2014-02-02T00:00:00", "type": "nessus", "title": "SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8796 / 8797)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:curl", "p-cpe:/a:novell:suse_linux:11:libcurl4", "p-cpe:/a:novell:suse_linux:11:libcurl4-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_CURL-140118.NASL", "href": "https://www.tenable.com/plugins/nessus/72243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72243);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0015\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8796 / 8797)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the re-use of wrong HTTP NTLM connections in\nlibcurl. (CVE-2014-0015)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8796 / 8797 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libcurl4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"curl-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"curl-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"libcurl4-32bit-7.19.7-1.20.31.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"curl-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libcurl4-7.19.7-1.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libcurl4-32bit-7.19.7-1.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:50:24", "description": "From Red Hat Security Advisory 2014:0561 :\n\nUpdated curl packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\ncURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Paras Sethia as the original reporter of CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of this issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs :\n\n* Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again. (BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications that use libcurl have to be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-28T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : curl (ELSA-2014-0561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:curl", "p-cpe:/a:oracle:linux:libcurl", "p-cpe:/a:oracle:linux:libcurl-devel", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0561.NASL", "href": "https://www.tenable.com/plugins/nessus/74203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0561 and \n# Oracle Linux Security Advisory ELSA-2014-0561 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74203);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n script_bugtraq_id(65270, 66457);\n script_xref(name:\"RHSA\", value:\"2014:0561\");\n\n script_name(english:\"Oracle Linux 6 : curl (ELSA-2014-0561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0561 :\n\nUpdated curl packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections\nfor requests that should have used different or no authentication\ncredentials, when using one of the following protocols: HTTP(S) with\nNTLM authentication, LDAP(S), SCP, or SFTP. If an application using\nthe libcurl library connected to a remote server with certain\nauthentication credentials, this flaw could cause other requests to\nuse those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these\nissues. Upstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security\nimpact of this issue, and Steve Holme as the original reporter of\nCVE-2014-0138.\n\nThis update also fixes the following bugs :\n\n* Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted\nin a write after close and consequent leakage of memory dynamically\nallocated by the SSL library. An upstream patch has been applied on\nlibcurl to fix this bug. As a result, the write after close no longer\nhappens, and the SSL library no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based\non libcurl's multi API. To fix this bug, the non-blocking SSL\nhandshake has been implemented by libcurl. With this update, libcurl's\nmulti API immediately returns the control back to the application\nwhenever it cannot read/write data from/to the underlying network\nsocket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due\nto an expired cookie in the upstream test-suite, which runs during the\nbuild. An upstream patch has been applied to postpone the expiration\ndate of the cookie, which makes it possible to rebuild the package\nfrom sources again. (BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using\nKerberos whenever such an authentication method was offered by the\nserver. This caused problems when the server offered multiple\nauthentication methods and Kerberos was not the selected one. An\nupstream patch has been applied on libcurl to fix this bug. Now\nlibcurl no longer uses Kerberos authentication if another\nauthentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications that use libcurl have to be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-May/004148.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"curl-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libcurl-devel-7.19.7-37.el6_5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-03-24T22:06:17", "description": "According to the version of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1696)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1696.NASL", "href": "https://www.tenable.com/plugins/nessus/126538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126538);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0755\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2019-1696)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the curl packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1696\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e58076ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h12\",\n \"libcurl-7.29.0-46.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-16T14:03:17", "description": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015 .", "cvss3": {"score": null, "vector": null}, "published": "2014-04-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2014-322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-322.NASL", "href": "https://www.tenable.com/plugins/nessus/73650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-322.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73650);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0138\");\n script_xref(name:\"ALAS\", value:\"2014-322\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2014-322)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The default configuration in cURL and libcurl 7.10.6 before 7.36.0\nre-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS,\n(7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might\nallow context-dependent attackers to connect as other users via a\nrequest, a similar issue to CVE-2014-0015 .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-322.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.36.0-2.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.36.0-2.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.36.0-2.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.36.0-2.44.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:50:25", "description": "Updated curl packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\ncURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Paras Sethia as the original reporter of CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of this issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs :\n\n* Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again. (BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications that use libcurl have to be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-29T00:00:00", "type": "nessus", "title": "CentOS 6 : curl (CESA-2014:0561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:curl", "p-cpe:/a:centos:centos:libcurl", "p-cpe:/a:centos:centos:libcurl-devel", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0561.NASL", "href": "https://www.tenable.com/plugins/nessus/74227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0561 and \n# CentOS Errata and Security Advisory 2014:0561 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74227);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n script_bugtraq_id(65270, 66457);\n script_xref(name:\"RHSA\", value:\"2014:0561\");\n\n script_name(english:\"CentOS 6 : curl (CESA-2014:0561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections\nfor requests that should have used different or no authentication\ncredentials, when using one of the following protocols: HTTP(S) with\nNTLM authentication, LDAP(S), SCP, or SFTP. If an application using\nthe libcurl library connected to a remote server with certain\nauthentication credentials, this flaw could cause other requests to\nuse those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these\nissues. Upstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security\nimpact of this issue, and Steve Holme as the original reporter of\nCVE-2014-0138.\n\nThis update also fixes the following bugs :\n\n* Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted\nin a write after close and consequent leakage of memory dynamically\nallocated by the SSL library. An upstream patch has been applied on\nlibcurl to fix this bug. As a result, the write after close no longer\nhappens, and the SSL library no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based\non libcurl's multi API. To fix this bug, the non-blocking SSL\nhandshake has been implemented by libcurl. With this update, libcurl's\nmulti API immediately returns the control back to the application\nwhenever it cannot read/write data from/to the underlying network\nsocket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due\nto an expired cookie in the upstream test-suite, which runs during the\nbuild. An upstream patch has been applied to postpone the expiration\ndate of the cookie, which makes it possible to rebuild the package\nfrom sources again. (BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using\nKerberos whenever such an authentication method was offered by the\nserver. This caused problems when the server offered multiple\nauthentication methods and Kerberos was not the selected one. An\nupstream patch has been applied on libcurl to fix this bug. Now\nlibcurl no longer uses Kerberos authentication if another\nauthentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications that use libcurl have to be restarted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-May/020321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?79deafab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0138\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"curl-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libcurl-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libcurl-devel-7.19.7-37.el6_5.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-03-27T14:48:55", "description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015 . (CVE-2016-0755)", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2016-02-10T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : curl (ALAS-2016-652)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:curl", "p-cpe:/a:amazon:linux:curl-debuginfo", "p-cpe:/a:amazon:linux:libcurl", "p-cpe:/a:amazon:linux:libcurl-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-652.NASL", "href": "https://www.tenable.com/plugins/nessus/88664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-652.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88664);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2016-0755\");\n script_xref(name:\"ALAS\", value:\"2016-652\");\n\n script_name(english:\"Amazon Linux AMI : curl (ALAS-2016-652)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ConnectionExists function in lib/url.c in libcurl before 7.47.0\ndoes not properly re-use NTLM-authenticated proxy connections, which\nmight allow remote attackers to authenticate as other users via a\nrequest, a similar issue to CVE-2014-0015 . (CVE-2016-0755)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-652.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update curl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"curl-7.40.0-8.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"curl-debuginfo-7.40.0-8.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-7.40.0-8.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libcurl-devel-7.40.0-8.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:50:24", "description": "Updated curl packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\ncURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Paras Sethia as the original reporter of CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of this issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs :\n\n* Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again. (BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications that use libcurl have to be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-28T00:00:00", "type": "nessus", "title": "RHEL 6 : curl (RHSA-2014:0561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:curl", "p-cpe:/a:redhat:enterprise_linux:curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libcurl", "p-cpe:/a:redhat:enterprise_linux:libcurl-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0561.NASL", "href": "https://www.tenable.com/plugins/nessus/74205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0561. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74205);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n script_bugtraq_id(65270, 66457);\n script_xref(name:\"RHSA\", value:\"2014:0561\");\n\n script_name(english:\"RHEL 6 : curl (RHSA-2014:0561)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\ncURL provides the libcurl library and a command line tool for\ndownloading files from servers using various protocols, including\nHTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections\nfor requests that should have used different or no authentication\ncredentials, when using one of the following protocols: HTTP(S) with\nNTLM authentication, LDAP(S), SCP, or SFTP. If an application using\nthe libcurl library connected to a remote server with certain\nauthentication credentials, this flaw could cause other requests to\nuse those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these\nissues. Upstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security\nimpact of this issue, and Steve Holme as the original reporter of\nCVE-2014-0138.\n\nThis update also fixes the following bugs :\n\n* Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted\nin a write after close and consequent leakage of memory dynamically\nallocated by the SSL library. An upstream patch has been applied on\nlibcurl to fix this bug. As a result, the write after close no longer\nhappens, and the SSL library no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based\non libcurl's multi API. To fix this bug, the non-blocking SSL\nhandshake has been implemented by libcurl. With this update, libcurl's\nmulti API immediately returns the control back to the application\nwhenever it cannot read/write data from/to the underlying network\nsocket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due\nto an expired cookie in the upstream test-suite, which runs during the\nbuild. An upstream patch has been applied to postpone the expiration\ndate of the cookie, which makes it possible to rebuild the package\nfrom sources again. (BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using\nKerberos whenever such an authentication method was offered by the\nserver. This caused problems when the server offered multiple\nauthentication methods and Kerberos was not the selected one. An\nupstream patch has been applied on libcurl to fix this bug. Now\nlibcurl no longer uses Kerberos authentication if another\nauthentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications that use libcurl have to be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0015\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0561\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"curl-7.19.7-37.el6_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"curl-7.19.7-37.el6_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"curl-7.19.7-37.el6_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"curl-debuginfo-7.19.7-37.el6_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-7.19.7-37.el6_5.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libcurl-devel-7.19.7-37.el6_5.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:50:18", "description": "It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nThis update also fixes the following bugs :\n\n - Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory.\n\n - Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket.\n\n - Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again.\n\n - Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected.\n\nAll running applications that use libcurl have to be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-28T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20140527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:curl", "p-cpe:/a:fermilab:scientific_linux:curl-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libcurl", "p-cpe:/a:fermilab:scientific_linux:libcurl-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140527_CURL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/74208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74208);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n\n script_name(english:\"Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20140527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that libcurl could incorrectly reuse existing connections\nfor requests that should have used different or no authentication\ncredentials, when using one of the following protocols: HTTP(S) with\nNTLM authentication, LDAP(S), SCP, or SFTP. If an application using\nthe libcurl library connected to a remote server with certain\nauthentication credentials, this flaw could cause other requests to\nuse those same credentials. (CVE-2014-0015, CVE-2014-0138)\n\nThis update also fixes the following bugs :\n\n - Previously, the libcurl library was closing a network\n socket without first terminating the SSL connection\n using the socket. This resulted in a write after close\n and consequent leakage of memory dynamically allocated\n by the SSL library. An upstream patch has been applied\n on libcurl to fix this bug. As a result, the write after\n close no longer happens, and the SSL library no longer\n leaks memory.\n\n - Previously, the libcurl library did not implement a\n non-blocking SSL handshake, which negatively affected\n performance of applications based on libcurl's multi\n API. To fix this bug, the non-blocking SSL handshake has\n been implemented by libcurl. With this update, libcurl's\n multi API immediately returns the control back to the\n application whenever it cannot read/write data from/to\n the underlying network socket.\n\n - Previously, the curl package could not be rebuilt from\n sources due to an expired cookie in the upstream\n test-suite, which runs during the build. An upstream\n patch has been applied to postpone the expiration date\n of the cookie, which makes it possible to rebuild the\n package from sources again.\n\n - Previously, the libcurl library attempted to\n authenticate using Kerberos whenever such an\n authentication method was offered by the server. This\n caused problems when the server offered multiple\n authentication methods and Kerberos was not the selected\n one. An upstream patch has been applied on libcurl to\n fix this bug. Now libcurl no longer uses Kerberos\n authentication if another authentication method is\n selected.\n\nAll running applications that use libcurl have to be restarted for\nthis update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1405&L=scientific-linux-errata&T=0&P=1281\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5293da7c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"curl-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"curl-debuginfo-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-7.19.7-37.el6_5.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libcurl-devel-7.19.7-37.el6_5.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / curl-debuginfo / libcurl / libcurl-devel\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:37:17", "description": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.\n(CVE-2015-3143)", "cvss3": {"score": null, "vector": null}, "published": "2017-04-06T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : cURL and libcurl vulnerability (K16704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2015-3143"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16704.NASL", "href": "https://www.tenable.com/plugins/nessus/99203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16704.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99203);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2015-3143\");\n script_bugtraq_id(65270, 74299);\n\n script_name(english:\"F5 Networks BIG-IP : cURL and libcurl vulnerability (K16704)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM\nconnections, which allows remote attackers to connect as other users\nvia an unauthenticated request, a similar issue to CVE-2014-0015.\n(CVE-2015-3143)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16704\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16704.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16704\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1HF1\",\"11.5.4HF2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4HF2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:35", "description": "Updated curl packages fix security vulnerabilities :\n\nParas Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user (CVE-2014-0015).\n\nlibcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials (CVE-2014-0138).\n\nlibcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-10T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : curl (MDVSA-2014:110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:curl", "p-cpe:/a:mandriva:linux:curl-examples", "p-cpe:/a:mandriva:linux:lib64curl-devel", "p-cpe:/a:mandriva:linux:lib64curl4", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-110.NASL", "href": "https://www.tenable.com/plugins/nessus/74418", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:110. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74418);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-0139\");\n script_bugtraq_id(65270, 66457, 66458);\n script_xref(name:\"MDVSA\", value:\"2014:110\");\n\n script_name(english:\"Mandriva Linux Security Advisory : curl (MDVSA-2014:110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages fix security vulnerabilities :\n\nParas Sethia discovered that libcurl would sometimes mix up multiple\nHTTP and HTTPS connections with NTLM authentication to the same\nserver, sending requests for one user over the connection\nauthenticated as a different user (CVE-2014-0015).\n\nlibcurl can in some circumstances re-use the wrong connection when\nasked to do transfers using other protocols than HTTP and FTP, causing\na transfer that was initiated by an application to wrongfully re-use\nan existing connection to the same server that was authenticated using\ndifferent credentials (CVE-2014-0138).\n\nlibcurl incorrectly validates wildcard SSL certificates containing\nliteral IP addresses, so under certain conditions, it would allow and\nuse a wildcard match specified in the CN field, allowing a malicious\nserver to participate in a MITM attack or just fool users into\nbelieving that it is a legitimate site (CVE-2014-0139).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0153.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"curl-7.24.0-3.5.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"curl-examples-7.24.0-3.5.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.24.0-3.5.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64curl4-7.24.0-3.5.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-03-24T22:09:44", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\n - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-06-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755", "CVE-2017-7407", "CVE-2018-16842"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1665.NASL", "href": "https://www.tenable.com/plugins/nessus/126292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126292);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0755\",\n \"CVE-2017-7407\",\n \"CVE-2018-16842\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1665)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The ourWriteOut function in tool_writeout.c in curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by reading a workstation\n screen during use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1665\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d6f2b03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h13.eulerosv2r7\",\n \"libcurl-7.29.0-46.h13.eulerosv2r7\",\n \"libcurl-devel-7.29.0-46.h13.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:05", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. (CVE-2013-1944)\n\n - Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a '%' (percent) character. (CVE-2013-2174)\n\n - cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n (CVE-2013-4545)\n\n - cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.\n (CVE-2014-0015)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : libcurl (cve_2013_1944_information_disclosure)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1944", "CVE-2013-2174", "CVE-2013-4545", "CVE-2014-0015"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:libcurl"], "id": "SOLARIS11_LIBCURL_20140415.NASL", "href": "https://www.tenable.com/plugins/nessus/80662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80662);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1944\", \"CVE-2013-2174\", \"CVE-2013-4545\", \"CVE-2014-0015\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libcurl (cve_2013_1944_information_disclosure)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The tailMatch function in cookie.c in cURL and libcurl\n before 7.30.0 does not properly match the path domain\n when sending cookies, which allows remote attackers to\n steal cookies via a matching suffix in the domain of a\n URL. (CVE-2013-1944)\n\n - Heap-based buffer overflow in the curl_easy_unescape\n function in lib/escape.c in cURL and libcurl 7.7 through\n 7.30.0 allows remote attackers to cause a denial of\n service (application crash) or possibly execute\n arbitrary code via a crafted string ending in a '%'\n (percent) character. (CVE-2013-2174)\n\n - cURL and libcurl 7.18.0 through 7.32.0, when built with\n OpenSSL, disables the certificate CN and SAN name field\n verification (CURLOPT_SSL_VERIFYHOST) when the digital\n signature verification (CURLOPT_SSL_VERIFYPEER) is\n disabled, which allows man-in-the-middle attackers to\n spoof SSL servers via an arbitrary valid certificate.\n (CVE-2013-4545)\n\n - cURL and libcurl 7.10.6 through 7.34.0, when more than\n one authentication method is enabled, re-uses NTLM\n connections, which might allow context-dependent\n attackers to authenticate as other users via a request.\n (CVE-2014-0015)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2013-1944-information-disclosure-vulnerability-in-libcurl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?696735e3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2013-2174-buffer-errors-vulnerability-in-libcurl\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2013-4545-cryptographic-issues-vulnerability-in-libcurl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34569292\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0015-authentication-issues-vulnerability-in-libcurl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?329ec411\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.18.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libcurl\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libcurl$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcurl\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.18.0.5.0\", sru:\"SRU 11.1.18.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libcurl\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libcurl\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-24T21:50:09", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436)\n\n - The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755", "CVE-2017-7407", "CVE-2018-16842", "CVE-2019-5436"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2054.NASL", "href": "https://www.tenable.com/plugins/nessus/129247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129247);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0755\",\n \"CVE-2017-7407\",\n \"CVE-2018-16842\",\n \"CVE-2019-5436\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : curl (EulerOS-SA-2019-2054)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - A heap buffer overflow in the TFTP receiving code\n allows for DoS or arbitrary code execution in libcurl\n versions 7.19.4 through 7.64.1.(CVE-2019-5436)\n\n - The ourWriteOut function in tool_writeout.c in curl\n 7.53.1 might allow physically proximate attackers to\n obtain sensitive information from process memory in\n opportunistic circumstances by reading a workstation\n screen during use of a --write-out argument ending in a\n '%' character, which leads to a heap-based buffer\n over-read.(CVE-2017-7407)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3428b002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h25\",\n \"libcurl-7.29.0-35.h25\",\n \"libcurl-devel-7.29.0-35.h25\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-03-24T21:34:49", "description": "According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2015-3153", "CVE-2016-0755", "CVE-2016-8625", "CVE-2018-16842", "CVE-2019-5482"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "p-cpe:/a:huawei:euleros:libcurl-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2410.NASL", "href": "https://www.tenable.com/plugins/nessus/131902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131902);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-3153\",\n \"CVE-2016-0755\",\n \"CVE-2016-8625\",\n \"CVE-2018-16842\",\n \"CVE-2019-5482\"\n );\n script_bugtraq_id(\n 74408\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2410\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c4001b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h30\",\n \"libcurl-7.29.0-35.h30\",\n \"libcurl-devel-7.29.0-35.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:47", "description": "The remote VMware ESXi host is affected by multiple vulnerabilities :\n\n - Multiple denial of service vulnerabilities exist in Python function _read_status() in library httplib and in function readline() in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these vulnerabilities to crash the module.\n (CVE-2013-1752)\n\n - A out-of-bounds read error exists in file parser.c in library libxml2 due to a failure to properly check the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a crafted document that abruptly ends, to cause a denial of service.\n (CVE-2013-2877)\n\n - A spoofing vulnerability exists in the Python SSL module in the ssl.match_hostname() function due to improper handling of the NULL character ('\\0') in a domain name in the Subject Alternative Name field of an X.509 certificate. A man-in-the-middle attacker can exploit this, via a crafted certificate issued by a legitimate certification authority, to spoof arbitrary SSL servers.\n (CVE-2013-4238)\n\n - cURL and libcurl are affected by a flaw related to the re-use of NTLM connections whenever more than one authentication method is enabled. An unauthenticated, remote attacker can exploit this, via a crafted request, to connect and impersonate other users. (CVE-2014-0015)\n\n - The default configuration in cURL and libcurl reuses the SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP, and LDAPS connections. An unauthenticated, remote attacker can exploit this, via a crafted request, to connect and impersonate other users. (CVE-2014-0138)\n\n - A flaw exists in the xmlParserHandlePEReference() function in file parser.c in libxml2 due to loading external entities regardless of entity substitution or validation being enabled. An unauthenticated, remote attacker can exploit this, via a crafted XML document, to exhaust resources, resulting in a denial of service.\n (CVE-2014-0191)", "cvss3": {"score": null, "vector": null}, "published": "2015-12-30T00:00:00", "type": "nessus", "title": "VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-2877", "CVE-2013-4238", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0191"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.0", "cpe:/o:vmware:esxi:5.1", "cpe:/o:vmware:esxi:5.5"], "id": "VMWARE_VMSA-2014-0012_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/87681", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87681);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-1752\",\n \"CVE-2013-2877\",\n \"CVE-2013-4238\",\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-0191\"\n );\n script_bugtraq_id(\n 61050,\n 61738,\n 63804,\n 65270,\n 66457,\n 67233\n );\n script_xref(name:\"VMSA\", value:\"2014-0012\");\n\n script_name(english:\"VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)\");\n script_summary(english:\"Checks the version and build numbers of the remote host.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is affected by multiple vulnerabilities :\n\n - Multiple denial of service vulnerabilities exist in\n Python function _read_status() in library httplib and\n in function readline() in libraries smtplib, ftplib,\n nntplib, imaplib, and poplib. A remote attacker can\n exploit these vulnerabilities to crash the module.\n (CVE-2013-1752)\n\n - A out-of-bounds read error exists in file parser.c in\n library libxml2 due to a failure to properly check the\n XML_PARSER_EOF state. An unauthenticated, remote\n attacker can exploit this, via a crafted document that\n abruptly ends, to cause a denial of service.\n (CVE-2013-2877)\n\n - A spoofing vulnerability exists in the Python SSL module\n in the ssl.match_hostname() function due to improper\n handling of the NULL character ('\\0') in a domain name\n in the Subject Alternative Name field of an X.509\n certificate. A man-in-the-middle attacker can exploit\n this, via a crafted certificate issued by a legitimate\n certification authority, to spoof arbitrary SSL servers.\n (CVE-2013-4238)\n\n - cURL and libcurl are affected by a flaw related to the\n re-use of NTLM connections whenever more than one\n authentication method is enabled. An unauthenticated,\n remote attacker can exploit this, via a crafted request,\n to connect and impersonate other users. (CVE-2014-0015)\n\n - The default configuration in cURL and libcurl reuses the\n SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP,\n and LDAPS connections. An unauthenticated, remote\n attacker can exploit this, via a crafted request, to \n connect and impersonate other users. (CVE-2014-0138)\n\n - A flaw exists in the xmlParserHandlePEReference()\n function in file parser.c in libxml2 due to loading\n external entities regardless of entity substitution or\n validation being enabled. An unauthenticated, remote\n attacker can exploit this, via a crafted XML document,\n to exhaust resources, resulting in a denial of service.\n (CVE-2014-0191)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0012\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2015/000287.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESXi version 5.0 / 5.1 / 5.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\npci = FALSE;\npci = get_kb_item(\"Settings/PCI_DSS\");\n\nif (\"ESXi\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESXi\");\n\nesx = \"ESXi\";\n\nextract = eregmatch(pattern:\"^ESXi (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESXi\");\nelse\n ver = extract[1];\n\nfixes = make_array(\n \"5.0\", \"See vendor\",\n \"5.1\", \"2323236\",\n \"5.5\", \"See vendor\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware ESXi\", ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif(!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver, build);\n\nif (!pci && fix == \"See vendor\")\n audit(AUDIT_PCI);\n\nvuln = FALSE;\n\n# This is for PCI reporting\nif (pci && fix == \"See vendor\")\n vuln = TRUE;\nelse if (build < fix )\n vuln = TRUE;\n\nif (vuln)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version : ESXi ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else\n security_warning(port:port);\n\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver, build);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:45:01", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - require credentials to match for NTLM re-use (CVE-2015-3143)\n\n - close Negotiate connections when done (CVE-2015-3148)\n\n - reject CRLFs in URLs passed to proxy (CVE-2014-8150)\n\n - use only full matches for hosts used as IP address in cookies (CVE-2014-3613)\n\n - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)\n\n - fix manpage typos found using aspell (#1011101)\n\n - fix comments about loading CA certs with NSS in man pages (#1011083)\n\n - fix handling of DNS cache timeout while a transfer is in progress (#835898)\n\n - eliminate unnecessary inotify events on upload via file protocol (#883002)\n\n - use correct socket type in the examples (#997185)\n\n - do not crash if MD5 fingerprint is not provided by libssh2 (#1008178)\n\n - fix SIGSEGV of curl --retry when network is down (#1009455)\n\n - allow to use TLS 1.1 and TLS 1.2 (#1012136)\n\n - docs: update the links to cipher-suites supported by NSS (#1104160)\n\n - allow to use ECC ciphers if NSS implements them (#1058767)\n\n - make curl --trace-time print correct time (#1120196)\n\n - let tool call PR_Cleanup on exit if NSPR is used (#1146528)\n\n - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747)\n\n - allow to enable/disable new AES cipher-suites (#1156422)\n\n - include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163)\n\n - disable libcurl-level downgrade to SSLv3 (#1154059)\n\n - do not force connection close after failed HEAD request (#1168137)\n\n - fix occasional SIGSEGV during SSL handshake (#1168668)\n\n - fix a connection failure when FTPS handle is reused (#1154663)\n\n - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)\n\n - fix connection re-use when using different log-in credentials (CVE-2014-0138)\n\n - fix authentication failure when server offers multiple auth options (#799557)\n\n - refresh expired cookie in test172 from upstream test-suite (#1069271)\n\n - fix a memory leak caused by write after close (#1078562)\n\n - nss: implement non-blocking SSL handshake (#1083742)", "cvss3": {"score": null, "vector": null}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : curl (OVMSA-2015-0107)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-8150", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:curl", "p-cpe:/a:oracle:vm:libcurl", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0107.NASL", "href": "https://www.tenable.com/plugins/nessus/85148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0107.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85148);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-3613\", \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2015-3143\", \"CVE-2015-3148\");\n script_bugtraq_id(65270, 66457, 69748, 70988, 71964, 74299, 74301);\n\n script_name(english:\"OracleVM 3.3 : curl (OVMSA-2015-0107)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - require credentials to match for NTLM re-use\n (CVE-2015-3143)\n\n - close Negotiate connections when done (CVE-2015-3148)\n\n - reject CRLFs in URLs passed to proxy (CVE-2014-8150)\n\n - use only full matches for hosts used as IP address in\n cookies (CVE-2014-3613)\n\n - fix handling of CURLOPT_COPYPOSTFIELDS in\n curl_easy_duphandle (CVE-2014-3707)\n\n - fix manpage typos found using aspell (#1011101)\n\n - fix comments about loading CA certs with NSS in man\n pages (#1011083)\n\n - fix handling of DNS cache timeout while a transfer is in\n progress (#835898)\n\n - eliminate unnecessary inotify events on upload via file\n protocol (#883002)\n\n - use correct socket type in the examples (#997185)\n\n - do not crash if MD5 fingerprint is not provided by\n libssh2 (#1008178)\n\n - fix SIGSEGV of curl --retry when network is down\n (#1009455)\n\n - allow to use TLS 1.1 and TLS 1.2 (#1012136)\n\n - docs: update the links to cipher-suites supported by NSS\n (#1104160)\n\n - allow to use ECC ciphers if NSS implements them\n (#1058767)\n\n - make curl --trace-time print correct time (#1120196)\n\n - let tool call PR_Cleanup on exit if NSPR is used\n (#1146528)\n\n - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth\n (#1154747)\n\n - allow to enable/disable new AES cipher-suites (#1156422)\n\n - include response headers added by proxy in\n CURLINFO_HEADER_SIZE (#1161163)\n\n - disable libcurl-level downgrade to SSLv3 (#1154059)\n\n - do not force connection close after failed HEAD request\n (#1168137)\n\n - fix occasional SIGSEGV during SSL handshake (#1168668)\n\n - fix a connection failure when FTPS handle is reused\n (#1154663)\n\n - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)\n\n - fix connection re-use when using different log-in\n credentials (CVE-2014-0138)\n\n - fix authentication failure when server offers multiple\n auth options (#799557)\n\n - refresh expired cookie in test172 from upstream\n test-suite (#1069271)\n\n - fix a memory leak caused by write after close (#1078562)\n\n - nss: implement non-blocking SSL handshake (#1083742)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000355.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected curl / libcurl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"curl-7.19.7-46.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"libcurl-7.19.7-46.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl / libcurl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:46:38", "description": "Updated curl packages fix security vulnerabilities :\n\nParas Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user (CVE-2014-0015).\n\nlibcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials (CVE-2014-0138).\n\nlibcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139).\n\nIn cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to access the site (CVE-2014-3613).\n\nIn cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain (CVE-2014-3620).\n\nSymeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence (CVE-2014-3707).\n\nWhen libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL (CVE-2014-8150).", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : curl (MDVSA-2015:098)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3707", "CVE-2014-8150"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:curl", "p-cpe:/a:mandriva:linux:curl-examples", "p-cpe:/a:mandriva:linux:lib64curl-devel", "p-cpe:/a:mandriva:linux:lib64curl4", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-098.NASL", "href": "https://www.tenable.com/plugins/nessus/82351", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:098. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82351);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-0139\", \"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-3707\", \"CVE-2014-8150\");\n script_xref(name:\"MDVSA\", value:\"2015:098\");\n\n script_name(english:\"Mandriva Linux Security Advisory : curl (MDVSA-2015:098)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated curl packages fix security vulnerabilities :\n\nParas Sethia discovered that libcurl would sometimes mix up multiple\nHTTP and HTTPS connections with NTLM authentication to the same\nserver, sending requests for one user over the connection\nauthenticated as a different user (CVE-2014-0015).\n\nlibcurl can in some circumstances re-use the wrong connection when\nasked to do transfers using other protocols than HTTP and FTP, causing\na transfer that was initiated by an application to wrongfully re-use\nan existing connection to the same server that was authenticated using\ndifferent credentials (CVE-2014-0138).\n\nlibcurl incorrectly validates wildcard SSL certificates containing\nliteral IP addresses, so under certain conditions, it would allow and\nuse a wildcard match specified in the CN field, allowing a malicious\nserver to participate in a MITM attack or just fool users into\nbelieving that it is a legitimate site (CVE-2014-0139).\n\nIn cURL before 7.38.0, libcurl can be fooled to both sending cookies\nto wrong sites and into allowing arbitrary sites to set cookies for\nothers. For this problem to trigger, the client application must use\nthe numerical IP address in the URL to access the site\n(CVE-2014-3613).\n\nIn cURL before 7.38.0, libcurl wrongly allows cookies to be set for\nTop Level Domains (TLDs), thus making them apply broader than cookies\nare allowed. This can allow arbitrary sites to set cookies that then\nwould get sent to a different and unrelated site or domain\n(CVE-2014-3620).\n\nSymeon Paraschoudis discovered that the curl_easy_duphandle() function\nin cURL has a bug that can lead to libcurl eventually sending off\nsensitive data that was not intended for sending, while performing a\nHTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and\ncurl_easy_duphandle() to be used in that order, and then the duplicate\nhandle must be used to perform the HTTP POST. The curl command line\ntool is not affected by this problem as it does not use this sequence\n(CVE-2014-3707).\n\nWhen libcurl sends a request to a server via a HTTP proxy, it copies\nthe entire URL into the request and sends if off. If the given URL\ncontains line feeds and carriage returns those will be sent along to\nthe proxy too, which allows the program to for example send a separate\nHTTP request injected embedded in the URL (CVE-2014-8150).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0153.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0020.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:curl-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64curl4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"curl-7.34.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"curl-examples-7.34.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64curl-devel-7.34.0-3.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64curl4-7.34.0-3.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:47:31", "description": "a. VMware vCSA cross-site scripting vulnerability\n\n VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. \n\n VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. \n\nb. vCenter Server certificate validation issue\n\n vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host. This may allow for a Man-in-the-middle attack against the CIM service.\n\n VMware would like to thank The Google Security Team for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8371 to this issue. \n\n c. Update to ESXi libxml2 package\n\n libxml2 is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-2877 and CVE-2014-0191 to these issues. \n\n d. Update to ESXi Curl package\n\n Curl is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0015 and CVE-2014-0138 to these issues. \n\n e. Update to ESXi Python package\n\n Python is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1752 and CVE-2013-4238 to these issues. \n\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\n\n Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014. The References section provides a link to this advisory.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-06T00:00:00", "type": "nessus", "title": "VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-2877", "CVE-2013-4238", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0191", "CVE-2014-3797", "CVE-2014-8371"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.1"], "id": "VMWARE_VMSA-2014-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/79762", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2014-0012. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79762);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-2877\", \"CVE-2013-4238\", \"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-0191\", \"CVE-2014-3797\", \"CVE-2014-8371\");\n script_bugtraq_id(61050, 61738, 63804, 65270, 66457, 67233, 71492, 71493);\n script_xref(name:\"VMSA\", value:\"2014-0012\");\n\n script_name(english:\"VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESXi host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. VMware vCSA cross-site scripting vulnerability\n\n VMware vCenter Server Appliance (vCSA) contains a vulnerability\n that may allow for Cross Site Scripting. Exploitation of this \n vulnerability in vCenter Server requires tricking a user to click\n on a malicious link or to open a malicious web page. \n\n VMware would like to thank Tanya Secker of Trustwave SpiderLabs for \n reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) \n has assigned the name CVE-2014-3797 to this issue. \n\nb. vCenter Server certificate validation issue\n\n vCenter Server does not properly validate the presented certificate \n when establishing a connection to a CIM Server residing on an ESXi \n host. This may allow for a Man-in-the-middle attack against the CIM \n service.\n\n VMware would like to thank The Google Security Team for reporting \n this issue to us.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-8371 to this issue. \n\n c. Update to ESXi libxml2 package\n\n libxml2 is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project \n (cve.mitre.org) has assigned the names CVE-2013-2877 and\n CVE-2014-0191 to these issues. \n\n d. Update to ESXi Curl package\n\n Curl is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project \n (cve.mitre.org) has assigned the names CVE-2014-0015 and \n CVE-2014-0138 to these issues. \n\n e. Update to ESXi Python package\n\n Python is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project \n (cve.mitre.org) has assigned the names CVE-2013-1752 and \n CVE-2013-4238 to these issues. \n\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\n\n Oracle has documented the CVE identifiers that are addressed in \n JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update\n Advisory of July 2014. The References section provides a link to\n this advisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2015/000287.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2014-12-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESXi 5.1\", vib:\"VMware:esx-base:5.1.0-2.47.2323231\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-04-16T14:12:27", "description": "An updated rhev-hypervisor6 package that fixes two security issues is now available.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433\n\nA flaw was found in the way the handle_rx() function handled large network packets when mergeable buffers were disabled. A privileged guest user could use this flaw to crash the host or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0077)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2014-0224. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224. The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of Red Hat.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2014-0015 and CVE-2014-0138 (curl issues)\n\nCVE-2014-2523 and CVE-2013-6383 (kernel issues)\n\nCVE-2014-0179 (libvirt issue)\n\nCVE-2010-5298, CVE-2014-0198, CVE-2014-0221, CVE-2014-0195, and CVE-2014-3470 (openssl issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2014:0629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-5298", "CVE-2013-6383", "CVE-2014-0015", "CVE-2014-0077", "CVE-2014-0138", "CVE-2014-0179", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-2523", "CVE-2014-3470"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0629.NASL", "href": "https://www.tenable.com/plugins/nessus/79027", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0629. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79027);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0077\", \"CVE-2014-0224\");\n script_bugtraq_id(67899);\n script_xref(name:\"RHSA\", value:\"2014:0629\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0629)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes two security issues is\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: a subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to\ndecrypt and modify traffic between a client and a server.\n(CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client\nmust be using a vulnerable version of OpenSSL; the server must be\nusing OpenSSL version 1.0.1 and above, and the client must be using\nany version of OpenSSL. For more information about this flaw, refer\nto: https://access.redhat.com/site/articles/904433\n\nA flaw was found in the way the handle_rx() function handled large\nnetwork packets when mergeable buffers were disabled. A privileged\nguest user could use this flaw to crash the host or corrupt QEMU\nprocess memory on the host, which could potentially result in\narbitrary code execution on the host with the privileges of the QEMU\nprocess. (CVE-2014-0077)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0224. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of CVE-2014-0224. The CVE-2014-0077 issue was\ndiscovered by Michael S. Tsirkin of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2014-0015 and CVE-2014-0138 (curl issues)\n\nCVE-2014-2523 and CVE-2013-6383 (kernel issues)\n\nCVE-2014-0179 (libvirt issue)\n\nCVE-2010-5298, CVE-2014-0198, CVE-2014-0221, CVE-2014-0195, and\nCVE-2014-3470 (openssl issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://access.redhat.com/site/articles/904433\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/904433\"\n );\n # https://access.redhat.com/site/solutions/906913\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/906913\"\n );\n # https://access.redhat.com/site/documentation/en-US/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0629\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.5-20140603.1.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-09-04T02:53:57", "description": "The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries :\n\n - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238)\n\n - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332)\n\n - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191)\n\n - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)", "cvss3": {"score": null, "vector": null}, "published": "2014-12-12T00:00:00", "type": "nessus", "title": "ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3389", "CVE-2012-0845", "CVE-2012-0876", "CVE-2012-1150", "CVE-2013-0242", "CVE-2013-1752", "CVE-2013-1914", "CVE-2013-2877", "CVE-2013-4238", "CVE-2013-4332", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0191"], "modified": "2019-09-24T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/79862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79862);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/24 15:02:54\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2012-0845\",\n \"CVE-2012-0876\",\n \"CVE-2012-1150\",\n \"CVE-2013-0242\",\n \"CVE-2013-1752\",\n \"CVE-2013-1914\",\n \"CVE-2013-2877\",\n \"CVE-2013-4238\",\n \"CVE-2013-4332\",\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-0191\"\n );\n script_bugtraq_id(\n 49778,\n 51239,\n 51996,\n 52379,\n 57638,\n 58839,\n 61050,\n 61738,\n 62324,\n 63804,\n 65270,\n 66457,\n 67233\n );\n script_xref(name:\"VMSA\", value:\"2014-0008\");\n script_xref(name:\"VMSA\", value:\"2014-0012\");\n script_xref(name:\"CERT\", value:\"864643\");\n\n script_name(english:\"ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)\");\n script_summary(english:\"Checks the ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.1 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi host is version 5.1 prior to build 2323236. It\nis, therefore, affected by the following vulnerabilities in bundled\nthird-party libraries :\n\n - Multiple vulnerabilities exist in the bundled Python\n library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876,\n CVE-2012-1150, CVE-2013-1752, CVE-2013-4238)\n\n - Multiple vulnerabilities exist in the bundled GNU C\n Library (glibc). (CVE-2013-0242, CVE-2013-1914,\n CVE-2013-4332)\n\n - Multiple vulnerabilities exist in the bundled XML\n Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191)\n\n - Multiple vulnerabilities exist in the bundled cURL\n library (libcurl). (CVE-2014-0015, CVE-2014-0138)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2086288\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5994bfcf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0008.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply patch ESXi510-201412101-SG for ESXi 5.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/12\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.1\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.1\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 2323236;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"VMware ESXi\", ver - \"ESXi \" + \" build \" + build);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:17", "description": "The remote host is running a version of Mac OS X that is older than 10.9.4, and is thus missing security-related fixes for the following components:\n\n - Certificate Trust Policy\n - copyfile\n - curl\n - Dock\n - Graphics Driver\n - iBooks Commerce\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - IOReporting\n - Keychain\n - launchd\n - Secure Transport\n - Thunderbolt\n\nNote that successful exploitation of the most serious issues could result in arbitrary code execution.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-07-02T00:00:00", "type": "nessus", "title": "Mac OS X < 10.9.4 Multiple Vulnerabilities (Security Update 2014-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-1370", "CVE-2014-1371", "CVE-2014-1372", "CVE-2014-1317", "CVE-2014-1373", "CVE-2014-1375", "CVE-2014-1376", "CVE-2014-1377", "CVE-2014-1378", "CVE-2014-1379", "CVE-2014-1380", "CVE-2014-1381", "CVE-2014-1355", "CVE-2014-1356", "CVE-2014-1361", "CVE-2014-1357", "CVE-2014-1358", "CVE-2014-1359"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "8321.PRM", "href": "https://www.tenable.com/plugins/nnm/8321", "sourceData": "Binary data 8321.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:20", "description": "The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.4. This update contains several security-related fixes for the following components :\n\n - Certificate Trust Policy\n - copyfile\n - curl\n - Dock\n - Graphics Driver\n - iBooks Commerce\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - IOReporting\n - Keychain\n - launchd\n - Secure Transport\n - Thunderbolt\n\nNote that successful exploitation of the most serious issues could result in arbitrary code execution.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-01T00:00:00", "type": "nessus", "title": "Mac OS X 10.9.x < 10.9.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-1317", "CVE-2014-1355", "CVE-2014-1356", "CVE-2014-1357", "CVE-2014-1358", "CVE-2014-1359", "CVE-2014-1361", "CVE-2014-1370", "CVE-2014-1371", "CVE-2014-1372", "CVE-2014-1373", "CVE-2014-1375", "CVE-2014-1376", "CVE-2014-1377", "CVE-2014-1378", "CVE-2014-1379", "CVE-2014-1380", "CVE-2014-1381"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_9_4.NASL", "href": "https://www.tenable.com/plugins/nessus/76317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76317);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-0015\",\n \"CVE-2014-1317\",\n \"CVE-2014-1355\",\n \"CVE-2014-1356\",\n \"CVE-2014-1357\",\n \"CVE-2014-1358\",\n \"CVE-2014-1359\",\n \"CVE-2014-1361\",\n \"CVE-2014-1370\",\n \"CVE-2014-1371\",\n \"CVE-2014-1372\",\n \"CVE-2014-1373\",\n \"CVE-2014-1375\",\n \"CVE-2014-1376\",\n \"CVE-2014-1377\",\n \"CVE-2014-1378\",\n \"CVE-2014-1379\",\n \"CVE-2014-1380\",\n \"CVE-2014-1381\"\n );\n script_bugtraq_id(65270, 68272, 68274);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-06-30-2\");\n\n script_name(english:\"Mac OS X 10.9.x < 10.9.4 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a certificate\nvalidation weakness.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.9.x that is prior\nto 10.9.4. This update contains several security-related fixes for the\nfollowing components :\n\n - Certificate Trust Policy\n - copyfile\n - curl\n - Dock\n - Graphics Driver\n - iBooks Commerce\n - Intel Graphics Driver\n - Intel Compute\n - IOAcceleratorFamily\n - IOReporting\n - Keychain\n - launchd\n - Secure Transport\n - Thunderbolt\n\nNote that successful exploitation of the most serious issues could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6296\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532600/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.9.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9])+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.9([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9\", \"Mac OS X \"+version);\n\nfixed_version = \"10.9.4\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:15:14", "description": "According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\n - It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8623)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8622)\n\n - It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5419)\n\n - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8624)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8621)\n\n - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-9586)\n\n - The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '' character.(CVE-2017-8817)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8618)\n\n - It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-7141)\n\n - cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.(CVE-2014-0015)\n\n - The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.(CVE-2013-1944)\n\n - It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.(CVE-2014-8150)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8615)\n\n - The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.(CVE-2014-0138)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8617)\n\n - It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit.(CVE-2014-3613)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1944", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-3613", "CVE-2014-8150", "CVE-2016-5419", "CVE-2016-7141", "CVE-2016-8615", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-9586", "CVE-2017-1000257", "CVE-2017-8817", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:curl", "p-cpe:/a:huawei:euleros:libcurl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1549.NASL", "href": "https://www.tenable.com/plugins/nessus/125002", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125002);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-1944\",\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-3613\",\n \"CVE-2014-8150\",\n \"CVE-2016-5419\",\n \"CVE-2016-7141\",\n \"CVE-2016-8615\",\n \"CVE-2016-8617\",\n \"CVE-2016-8618\",\n \"CVE-2016-8621\",\n \"CVE-2016-8622\",\n \"CVE-2016-8623\",\n \"CVE-2016-8624\",\n \"CVE-2016-9586\",\n \"CVE-2017-1000257\",\n \"CVE-2017-8817\",\n \"CVE-2018-1000120\",\n \"CVE-2018-1000121\",\n \"CVE-2018-1000122\"\n );\n script_bugtraq_id(\n 59058,\n 65270,\n 66457,\n 69748,\n 71964\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A NULL pointer dereference flaw was found in the way\n libcurl checks values returned by the openldap\n ldap_get_attribute_ber() function. A malicious LDAP\n server could use this flaw to crash a libcurl client\n application via a specially crafted LDAP\n reply.(CVE-2018-1000121)\n\n - It was found that libcurl did not safely parse FTP URLs\n when using the CURLOPT_FTP_FILEMETHOD method. An\n attacker, able to provide a specially crafted FTP URL\n to an application using libcurl, could write a NULL\n byte at an arbitrary location, resulting in a crash, or\n an unspecified behavior.(CVE-2018-1000120)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8623)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8622)\n\n - It was found that the libcurl library did not prevent\n TLS session resumption when the client certificate had\n changed. An attacker could potentially use this flaw to\n hijack the authentication of the connection by\n leveraging a previously created connection with a\n different client certificate.(CVE-2016-5419)\n\n - A buffer overrun flaw was found in the IMAP handler of\n libcurl. By tricking an unsuspecting user into\n connecting to a malicious IMAP server, an attacker\n could exploit this flaw to potentially cause\n information disclosure or crash the\n application.(CVE-2017-1000257)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8624)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8621)\n\n - A buffer over-read exists in curl 7.20.0 to and\n including curl 7.58.0 in the RTSP+RTP handling code\n that allows an attacker to cause a denial of service or\n information leakage(CVE-2018-1000122)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-9586)\n\n - The FTP wildcard function in curl and libcurl before\n 7.57.0 allows remote attackers to cause a denial of\n service (out-of-bounds read and application crash) or\n possibly have unspecified other impact via a string\n that ends with an '' character.(CVE-2017-8817)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8618)\n\n - It was found that the libcurl library using the NSS\n (Network Security Services) library as TLS/SSL backend\n incorrectly re-used client certificates for subsequent\n TLS connections in certain cases. An attacker could\n potentially use this flaw to hijack the authentication\n of the connection by leveraging a previously created\n connection with a different client\n certificate.(CVE-2016-7141)\n\n - cURL and libcurl 7.10.6 through 7.34.0, when more than\n one authentication method is enabled, re-uses NTLM\n connections, which might allow context-dependent\n attackers to authenticate as other users via a\n request.(CVE-2014-0015)\n\n - The tailMatch function in cookie.c in cURL and libcurl\n before 7.30.0 does not properly match the path domain\n when sending cookies, which allows remote attackers to\n steal cookies via a matching suffix in the domain of a\n URL.(CVE-2013-1944)\n\n - It was discovered that the libcurl library failed to\n properly handle URLs with embedded end-of-line\n characters. An attacker able to make an application\n using libcurl access a specially crafted URL via an\n HTTP proxy could use this flaw to inject additional\n headers to the request or construct additional\n requests.(CVE-2014-8150)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8615)\n\n - The default configuration in cURL and libcurl 7.10.6\n before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4)\n POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9)\n LDAP, and (10) LDAPS connections, which might allow\n context-dependent attackers to connect as other users\n via a request, a similar issue to\n CVE-2014-0015.(CVE-2014-0138)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2016-8617)\n\n - It was found that the libcurl library did not correctly\n handle partial literal IP addresses when parsing\n received HTTP cookies. An attacker able to trick a user\n into connecting to a malicious server could use this\n flaw to set the user's cookie to a crafted domain,\n making other cookie-related issues easier to\n exploit.(CVE-2014-3613)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1549\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a10efe7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-46.h10\",\n \"libcurl-7.29.0-46.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-24T16:30:00", "description": "The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2.\nIt is, therefore, affected by multiple vulnerabilities in third party libraries :\n\n - Due to improper certificate validation when connecting to a CIM server on an ESXi host, an attacker can perform man-in-the-middle attacks. (CVE-2014-8371)\n\n - The bundled version of Oracle JRE is prior to 1.6.0_81 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.1 and 5.0 of vCenter but is only fixed in 5.1 Update 3.", "cvss3": {"score": null, "vector": null}, "published": "2014-12-12T00:00:00", "type": "nessus", "title": "VMware Security Updates for vCenter Server (VMSA-2014-0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0191", "CVE-2014-2483", "CVE-2014-2490", "CVE-2014-4208", "CVE-2014-4209", "CVE-2014-4216", "CVE-2014-4218", "CVE-2014-4219", "CVE-2014-4220", "CVE-2014-4221", "CVE-2014-4223", "CVE-2014-4227", "CVE-2014-4244", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-4262", "CVE-2014-4263", "CVE-2014-4264", "CVE-2014-4265", "CVE-2014-4266", "CVE-2014-4268", "CVE-2014-8371"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_server"], "id": "VMWARE_VCENTER_VMSA-2014-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/79865", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79865);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-0191\",\n \"CVE-2014-2483\",\n \"CVE-2014-2490\",\n \"CVE-2014-4208\",\n \"CVE-2014-4209\",\n \"CVE-2014-4216\",\n \"CVE-2014-4218\",\n \"CVE-2014-4219\",\n \"CVE-2014-4220\",\n \"CVE-2014-4221\",\n \"CVE-2014-4223\",\n \"CVE-2014-4227\",\n \"CVE-2014-4244\",\n \"CVE-2014-4247\",\n \"CVE-2014-4252\",\n \"CVE-2014-4262\",\n \"CVE-2014-4263\",\n \"CVE-2014-4264\",\n \"CVE-2014-4265\",\n \"CVE-2014-4266\",\n \"CVE-2014-4268\",\n \"CVE-2014-8371\"\n );\n script_bugtraq_id(\n 65270,\n 66457,\n 67233,\n 68562,\n 68571,\n 68576,\n 68580,\n 68583,\n 68590,\n 68596,\n 68599,\n 68603,\n 68608,\n 68612,\n 68615,\n 68620,\n 68624,\n 68626,\n 68632,\n 68636,\n 68639,\n 68642,\n 68645,\n 71493\n );\n script_xref(name:\"VMSA\", value:\"2014-0012\");\n\n script_name(english:\"VMware Security Updates for vCenter Server (VMSA-2014-0012)\");\n script_summary(english:\"Checks the version of VMware vCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization management application installed\nthat is affected by multiple security vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The VMware vCenter Server installed on the remote host is version 5.0\nprior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2.\nIt is, therefore, affected by multiple vulnerabilities in third party\nlibraries :\n\n - Due to improper certificate validation when connecting\n to a CIM server on an ESXi host, an attacker can\n perform man-in-the-middle attacks. (CVE-2014-8371)\n\n - The bundled version of Oracle JRE is prior to 1.6.0_81\n and thus is affected by multiple vulnerabilities. Note\n that this only affects version 5.1 and 5.0 of vCenter\n but is only fixed in 5.1 Update 3.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2014/000283.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Server 5.5u2 (5.5.0 build-2001466) / 5.1u3\n(5.1.0 build-2306353) / 5.0u3c (5.0.0 build-2210222) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\n# Extract and verify the build number\nbuild = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\nif (build !~ '^[0-9]+$') exit(1, 'Failed to extract the build number from the release string.');\n\nrelease = release - 'VMware vCenter Server ';\nfixversion = NULL;\n\n# Check version and build numbers\nif (version =~ '^VMware vCenter 5\\\\.0$' && int(build) < 2210222) fixversion = '5.0.0 build-2210222';\nelse if (version =~ '^VMware vCenter 5\\\\.1$' && int(build) < 2306353) fixversion = '5.1.0 build-2306353';\nelse if (version =~ '^VMware vCenter 5\\\\.5$' && int(build) < 2001466) fixversion = '5.5.0 build-2001466';\nelse audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + release +\n '\\n Fixed version : ' + fixversion +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:26:47", "description": "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.2.6. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :\n\n - HP SMH (XSRF)\n - libcurl\n - OpenSSL", "cvss3": {"score": null, "vector": null}, "published": "2016-03-29T00:00:00", "type": "nessus", "title": "HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139", "CVE-2014-2522", "CVE-2014-2641", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3143", "CVE-2015-3145", "CVE-2015-3148"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage", "cpe:/a:openssl:openssl", "cpe:/a:haxx:curl", "cpe:/a:haxx:libcurl"], "id": "HPSMH_7_2_6.NASL", "href": "https://www.tenable.com/plugins/nessus/90251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90251);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0015\",\n \"CVE-2014-0138\",\n \"CVE-2014-0139\",\n \"CVE-2014-2522\",\n \"CVE-2014-2641\",\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-0207\",\n \"CVE-2015-0208\",\n \"CVE-2015-0209\",\n \"CVE-2015-0285\",\n \"CVE-2015-0286\",\n \"CVE-2015-0287\",\n \"CVE-2015-0288\",\n \"CVE-2015-0289\",\n \"CVE-2015-0290\",\n \"CVE-2015-0291\",\n \"CVE-2015-0292\",\n \"CVE-2015-0293\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-3143\",\n \"CVE-2015-3145\",\n \"CVE-2015-3148\"\n );\n script_bugtraq_id(\n 65270,\n 66296,\n 66457,\n 66458,\n 70208,\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942,\n 73225,\n 73226,\n 73227,\n 73228,\n 73229,\n 73230,\n 73231,\n 73232,\n 73234,\n 73235,\n 73237,\n 73239,\n 74299,\n 74301,\n 74303,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"HP\", value:\"HPSBMU03422\");\n script_xref(name:\"HP\", value:\"emr_na-c04805275\");\n script_xref(name:\"HP\", value:\"SSRT101438\");\n script_xref(name:\"HP\", value:\"SSRT101447\");\n script_xref(name:\"HP\", value:\"SSRT102109\");\n\n script_name(english:\"HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server's banner, the version of HP System\nManagement Homepage (SMH) hosted on the remote web server is prior to\n7.2.6. It is, therefore, affected by multiple vulnerabilities,\nincluding remote code execution vulnerabilities, in several components\nand third-party libraries :\n\n - HP SMH (XSRF)\n - libcurl\n - OpenSSL\");\n # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04805275\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bc0a4e1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20150319.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP System Management Homepage (SMH) version 7.2.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:haxx:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:haxx:libcurl\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nget_kb_item_or_exit(\"www/hp_smh\");\n\nport = get_http_port(default:2381, embedded:TRUE);\n\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\n\nif (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\nfixed_version = '7.2.6';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xsrf:TRUE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2849-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nJanuary 31, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : curl\r\nVulnerability : information disclosure\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2014-0015\r\n\r\nParas Sethia discovered that libcurl, a client-side URL transfer\r\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\r\nwith NTLM authentication to the same server, sending requests for one\r\nuser over the connection authenticated as a different user.\r\n\r\nFor the oldstable distribution (squeeze), this problem has been fixed in\r\nversion 7.21.0-2.1+squeeze7.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 7.26.0-1+wheezy8.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 7.35.0-1.\r\n\r\nWe recommend that you upgrade your curl packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJS61xeAAoJEL97/wQC1SS+CwoIALD1YgDeI4wbeVHEfAEMeqZN\r\n/gEuAQRUKRMhQ3Z8x3+U6kGoIo8vrJYST2qtO0amuKnx5jdB9hX6ePdX47wWbmR9\r\nITYsEceHyI32vMM2OXs6Kc97QR/HemIuLYLugDdhWs7kw37OU7dhCHaG0xfzwYqG\r\nu+yKJNHqAVp4WzfUJsyd93dkChqaZfSFiaPd4Mz/LdAkdJpsq9Fq0ChvPQWFQCmd\r\nRctPABiqzFCVQKOlZXEDNqdmXxldq2q/lgYSHETn/IUsdCoAsTO/GVBpfyBaTOgH\r\n2s3EfJTogJeBxkeoDDm/+VaY/073Ui7IJ0ePZoqbLZU+/V0u8LhK3W86tJK4RRY=\r\n=dg0U\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2014-02-01T00:00:00", "title": "[SECURITY] [DSA 2849-1] curl security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2014-02-01T00:00:00", "id": "SECURITYVULNS:DOC:30267", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30267", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T19:17:52", "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 2, "cvss3": {}, "published": "2015-11-01T00:00:00", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2014-0012\r\nSynopsis: VMware vSphere product updates address security \r\n vulnerabilities\r\nIssue date: 2014-12-04\r\nUpdated on: 2014-12-04 (Initial Advisory)\r\nCVE number: CVE-2014-3797, CVE-2014-8371, CVE-2013-2877, CVE-2014-0191, \r\n CVE-2014-0015, CVE-2014-0138, CVE-2013-1752 and \r\n CVE-2013-4238\r\n- ------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware vSphere product updates address a Cross Site Scripting issue, \r\n a certificate validation issue and security vulnerabilities in \r\n third-party libraries.\r\n \r\n2. Relevant releases\r\n\r\n VMware vCenter Server Appliance 5.1 Prior to Update 3 \r\n\r\n VMware vCenter Server 5.5 prior to Update 2\r\n VMware vCenter Server 5.1 prior to Update 3\r\n VMware vCenter Server 5.0 prior to Update 3c\r\n\r\n VMware ESXi 5.1 without patch ESXi510-201412101-SG\r\n\r\n3. Problem Description \r\n\r\n a. VMware vCSA cross-site scripting vulnerability\r\n\r\n VMware vCenter Server Appliance (vCSA) contains a vulnerability\r\n that may allow for Cross Site Scripting. Exploitation of this \r\n vulnerability in vCenter Server requires tricking a user to click\r\n on a malicious link or to open a malicious web page while they are\r\n logged in into vCenter. \r\n\r\n VMware would like to thank Tanya Secker of Trustwave SpiderLabs for \r\n reporting this issue to us. \r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) \r\n has assigned the name CVE-2014-3797 to this issue. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product\tRunning Replace with/\r\n Product Version\ton Apply Patch\r\n ============= =======\t======= =================\r\n vCSA 5.5 any Not Affected\r\n vCSA 5.1 any 5.1 Update 3\r\n vCSA 5.0 any Not Affected\r\n\r\n b. vCenter Server certificate validation issue\r\n\r\n vCenter Server does not properly validate the presented certificate \r\n when establishing a connection to a CIM Server residing on an ESXi \r\n host. This may allow for a Man-in-the-middle attack against the CIM \r\n service.\r\n\r\n VMware would like to thank The Google Security Team for reporting \r\n this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the identifier CVE-2014-8371 to this issue. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= =======\t======= ==============\r\n vCenter Server 5.5 any 5.5 Update 2\r\n vCenter Server 5.1 any 5.1 Update 3\r\n vCenter Server 5.0 any 5.0 Update 3c\r\n\r\n c. Update to ESXi libxml2 package\r\n\r\n libxml2 is updated to address multiple security issues. \r\n\r\n The Common Vulnerabilities and Exposures project \r\n (cve.mitre.org) has assigned the names CVE-2013-2877 and\r\n CVE-2014-0191 to these issues. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n ESXi 5.5 any Patch Pending\r\n ESXi 5.1 any ESXi510-201412101-SG\r\n ESXi 5.0 any No patch planned\r\n\r\n d. Update to ESXi Curl package\r\n\r\n Curl is updated to address multiple security issues. \r\n\r\n The Common Vulnerabilities and Exposures project \r\n (cve.mitre.org) has assigned the names CVE-2014-0015 and \r\n CVE-2014-0138 to these issues. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product\tRunning Replace with/\r\n Product Version\ton Apply Patch\r\n ========= =======\t======= =================\r\n ESXi 5.5 any Patch Pending\r\n ESXi 5.1 any ESXi510-201412101-SG\r\n ESXi 5.0 any No patch planned\r\n\r\n e. Update to ESXi Python package\r\n\r\n Python is updated to address multiple security issues. \r\n\r\n The Common Vulnerabilities and Exposures project \r\n (cve.mitre.org) has assigned the names CVE-2013-1752 and \r\n CVE-2013-4238 to these issues. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n ESXi 5.5 any Patch Pending\r\n ESXi 5.1 any ESXi510-201412101-SG\r\n ESXi 5.0 any Patch Pending\r\n\r\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\r\n\r\n Oracle has documented the CVE identifiers that are addressed in \r\n JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update\r\n Advisory of July 2014. The References section provides a link to\r\n this advisory. \r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter Server 5.5 any not applicable *\r\n vCenter Server 5.1 any 5.1 Update 3\r\n vCenter Server 5.0 any patch pending\r\n vCenter Update Manager 5.5 any not applicable *\r\n vCenter Update Manager 5.1 any 5.1 Update 3\r\n vCenter Update Manager 5.0 any patch pending\r\n\r\n * this product uses the Oracle JRE 1.7.0 family\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version \r\n and verify the checksum of your downloaded file. \r\n \r\n vCSA 5.1 Update 3, vCenter Server 5.1 Update 3 and Update Manager 5.1\r\n Update 3\r\n ----------------------------\r\n Downloads and Documentation: \r\n https://www.vmware.com/go/download-vsphere\r\n\r\n ESXi 5.1\r\n ----------------------------\r\n File: update-from-esxi5.1-5.1_update03.zip.zip\r\n md5sum: b3fd3549b59c6c59c04bfd09b08c6edf\r\n sha1sum: 02139101fe205894774caac02820f6ea8416fb8b\r\n http://kb.vmware.com/kb/2086288\r\n update-from-esxi5.1-5.1_update03 contains ESXi510-201412101-SG\r\n \r\n5. References\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3797\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8371\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238\r\n\r\n JRE \r\n Oracle Java SE Critical Patch Update Advisory of July 2014\r\n\r\n http://www.oracle.com/technetwork/topics/security/cpujul2014-\r\n1972956.html\r\n\r\n- ------------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2014-12-04 VMSA-2014-0012\r\n Initial security advisory in conjunction with the release of VMware\r\n vCSA 5.1 Update 3, vCenter Server 5.1 Update 3 and ESXi 5.1 Patches \r\n released on 2014-12-04.\r\n\r\n- ------------------------------------------------------------------------\r\n\r\n7. Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\n This Security Advisory is posted to the following lists:\r\n\r\n security-announce at lists.vmware.com\r\n bugtraq at securityfocus.com\r\n fulldisclosure at seclists.org\r\n\r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n\r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n\r\n Consolidated list of VMware Security Advisories\r\n http://kb.vmware.com/kb/2078735\r\n\r\n VMware Security Response Policy\r\n https://www.vmware.com/support/policies/security_response.html\r\n\r\n VMware Lifecycle Support Phases\r\n https://www.vmware.com/support/policies/lifecycle.html\r\n \r\n Twitter\r\n https://twitter.com/VMwareSRC\r\n\r\n Copyright 2014 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: Encryption Desktop 10.3.0 (Build 8741)\r\nCharset: utf-8\r\n\r\nwj8DBQFUgLnkDEcm8Vbi9kMRArHeAKDSKrUyaCHxpcXMS8KRHlaB80B90wCdGoV1\r\nea+5vLRA631Cn0q1Mt63s4s=\r\n=OYK3\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-12-11T00:00:00", "title": "NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "modified": "2014-12-11T00:00:00", "id": "SECURITYVULNS:DOC:31491", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31491", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2021-06-08T19:03:08", "description": "Multiple memory corruptions, information leakages, DoS, privilege escalation, screen lock bypass.", "edition": 2, "cvss3": {}, "published": "2014-08-04T00:00:00", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-1372", "CVE-2014-1373", "CVE-2014-1371", "CVE-2014-1357", "CVE-2014-1376", "CVE-2014-1361", "CVE-2014-1381", "CVE-2014-1380", "CVE-2014-1317", "CVE-2014-1377", "CVE-2014-1378", "CVE-2014-1358", "CVE-2014-0015", "CVE-2014-1359", "CVE-2014-1375", "CVE-2014-1379", "CVE-2014-1370", "CVE-2014-1355", "CVE-2014-1356"], "modified": "2014-08-04T00:00:00", "id": "SECURITYVULNS:VULN:13898", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13898", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update\r\n2014-003\r\n\r\nOS X Mavericks 10.9.4 and Security Update 2014-003 are now available\r\nand address the following:\r\n\r\nCertificate Trust Policy\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at\r\nhttp://support.apple.com/kb/HT6005.\r\n\r\ncopyfile\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\r\nImpact: Opening a maliciously crafted zip file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An out of bounds byte swapping issue existed in the\r\nhandling of AppleDouble files in zip archives. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP\r\n\r\ncurl\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A remote attacker may be able to gain access to another\r\nuser's session\r\nDescription: cURL re-used NTLM connections when more than one\r\nauthentication method was enabled, which allowed an attacker to gain\r\naccess to another user's session.\r\nCVE-ID\r\nCVE-2014-0015\r\n\r\nDock\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3\r\nImpact: A sandboxed application may be able to circumvent sandbox\r\nrestrictions\r\nDescription: An unvalidated array index issue existed in the\r\nDock's handling of messages from applications. A maliciously\r\ncrafted message could cause an invalid function pointer to be\r\ndereferenced, which could lead to an unexpected application\r\ntermination or arbitrary code execution.\r\nCVE-ID\r\nCVE-2014-1371 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nGraphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user can read kernel memory, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: An out-of-bounds read issue existed in the handling of\r\na system call. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1372 : Ian Beer of Google Project Zero\r\n\r\niBooks Commerce\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: An attacker with access to a system may be able to recover\r\nApple ID credentials\r\nDescription: An issue existed in the handling of iBooks logs. The\r\niBooks process could log Apple ID credentials in the iBooks log where\r\nother users of the system could read it. This issue was addressed by\r\ndisallowing logging of credentials.\r\nCVE-ID\r\nCVE-2014-1317 : Steve Dunham\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of an OpenGL\r\nAPI call. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1373 : Ian Beer of Google Project Zero\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user can read a kernel pointer, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A kernel pointer stored in an IOKit object could be\r\nretrieved from userland. This issue was addressed by removing the\r\npointer from the object.\r\nCVE-ID\r\nCVE-2014-1375\r\n\r\nIntel Compute\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of an OpenCL\r\nAPI call. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1376 : Ian Beer of Google Project Zero\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An array indexing issue existed in IOAcceleratorFamily.\r\nThis issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1377 : Ian Beer of Google Project Zero\r\n\r\nIOGraphicsFamily\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user can read a kernel pointer, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A kernel pointer stored in an IOKit object could be\r\nretrieved from userland. This issue was addressed by using a unique\r\nID instead of a pointer.\r\nCVE-ID\r\nCVE-2014-1378\r\n\r\nIOReporting\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A local user could cause an unexpected system restart\r\nDescription: A null pointer dereference existed in the handling of\r\nIOKit API arguments. This issue was addressed through additional\r\nvalidation of IOKit API arguments.\r\nCVE-ID\r\nCVE-2014-1355 : cunzhang from Adlab of Venustech\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer underflow existed in launchd. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1359 : Ian Beer of Google Project Zero\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in launchd's handling of\r\nIPC messages. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1356 : Ian Beer of Google Project Zero\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in launchd's handling of\r\nlog messages. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1357 : Ian Beer of Google Project Zero\r\n\r\nlaunchd\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in launchd. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1358 : Ian Beer of Google Project Zero\r\n\r\nGraphics Drivers\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple null dereference issues existed in kernel\r\ngraphics drivers. A maliciously crafted 32-bit executable may have\r\nbeen able to obtain elevated privileges.\r\nCVE-ID\r\nCVE-2014-1379 : Ian Beer of Google Project Zero\r\n\r\nSecurity - Keychain\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: An attacker may be able to type into windows under the\r\nscreen lock\r\nDescription: Under rare circumstances, the screen lock did not\r\nintercept keystrokes. This could have allowed an attacker to type\r\ninto windows under the screen lock. This issue was addressed through\r\nimproved keystroke observer management.\r\nCVE-ID\r\nCVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC\r\n\r\nSecurity - Secure Transport\r\nAvailable for: OS X Mountain Lion v10.8.5,\r\nOS X Mavericks 10.9 to 10.9.3\r\nImpact: Two bytes of memory could be disclosed to a remote attacker\r\nDescription: An uninitialized memory access issue existing in the\r\nhandling of DTLS messages in a TLS connection. This issue was\r\naddressed by only accepting DTLS messages in a DTLS connection.\r\nCVE-ID\r\nCVE-2014-1361 : Thijs Alkemade of The Adium Project\r\n\r\nThunderbolt\r\nAvailable for: OS X Mavericks 10.9 to 10.9.3\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An out of bounds memory access issue existed in the\r\nhandling of IOThunderBoltController API calls. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-1381 : Catherine aka winocm\r\n\r\nNote: OS X Mavericks 10.9.4 includes the security content of\r\nSafari 7.0.5: http://support.apple.com/kb/HT6293\r\n\r\nOS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN\r\n6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX\r\na569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM\r\nKx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb\r\nnak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr\r\nQ/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR\r\nuqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo\r\nT/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR\r\n1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4\r\nFiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka\r\nePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr\r\n+/tiYIHJ5pUCKf+C8xJC\r\n=HkFr\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-08-04T00:00:00", "title": "APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-1372", "CVE-2014-1373", "CVE-2014-1371", "CVE-2014-1357", "CVE-2014-1376", "CVE-2014-1361", "CVE-2014-1381", "CVE-2014-1380", "CVE-2014-1317", "CVE-2014-1377", "CVE-2014-1378", "CVE-2014-1358", "CVE-2014-0015", "CVE-2014-1359", "CVE-2014-1375", "CVE-2014-1379", "CVE-2014-1370", "CVE-2014-1355", "CVE-2014-1356"], "modified": "2014-08-04T00:00:00", "id": "SECURITYVULNS:DOC:30968", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30968", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities\r\n\r\nEMC Identifier: ESA-2015-002\r\n \t\r\nCVE Identifier: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2012-5885, CVE-2011-3389, CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231, CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913,CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798, CVE-2013-4242, CVE-2014-0138, CVE-2014-0139, CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2012-6085, CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410 , CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, CVE-2010-5107, CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2013-2005, CVE-2013-2002, CVE-2014-0092, CVE-2014-0015, CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244,\r\nCVE-2014-4216, CVE-2011-0020, CVE-2011-0064, CVE-2014-3638, CVE-2014-3639, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566, CVE-2014-4330, CVE-2014-3613, CVE-2014-3620, CVE-2015-0512\r\n\r\nSeverity Rating: View details below for CVSSv2 scores\r\n\r\nAffected products: \r\nUnisphere Central versions prior to 4.0\r\n\r\nSummary: \r\nUnisphere Central requires an update to address various security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.\r\n\r\nDetails: \r\nUnisphere Central requires an update to address various security vulnerabilities:\r\n\r\n1.\tUnvalidated Redirect Vulnerability (CVE-2015-0512)\r\n\r\nA potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter.\r\n\r\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)\r\n\r\n2.\tMultiple Embedded Component Vulnerabilities\r\n\r\nThe following vulnerabilities affecting multiple embedded components were addressed:\r\n\r\n\u2022\tPostgreSQL (CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902)\r\n\u2022\tApache Tomcat HTTP Digest Access Bypass (CVE-2012-5885)\r\n\u2022\tSSL3.0/TLS1.0 Weak CBC Mode Vulnerability (CVE-2011-3389)\r\n\u2022\tSUSE Kernel Updates (CVE-2013-1767, CVE-2012-2137, CVE-2012-6548, CVE-2013-1797, CVE-2013-0231,CVE-2013-1774, CVE-2013-1848, CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913, CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549, CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160, CVE-2013-1860, CVE-2013-0349, CVE-2013-1798)\r\n\u2022\tLibgcrypt (CVE-2013-4242)\r\n\u2022\tcURL/libcURL Multiple Vulnerabilities (CVE-2014-0138, CVE-2014-0139, CVE-2014-0015, CVE-2014-3613, CVE-2014-3620)\r\n\u2022\tOpenSSL Multiple Vulnerabilities (CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566)\r\n\u2022\tGNU Privacy Guard (GPG2) Update (CVE-2012-6085)\r\n\u2022\tJava Runtime Environment (CVE-2014-2403, CVE-2014-0446, CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398, CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429, CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448, CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461, CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401, CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449, CVE-2014-0432, CVE-2014-0463, CVE-2014-2410, CVE-2014-2413, CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452, CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219, CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268, CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218, CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208, CVE-2014-4209, CVE-2014-4265, CVE-2014-4244, CVE-2014-4216)\r\n\u2022\tOpenSSH Denial of Service (CVE-2010-5107)\r\n\u2022\tNetwork Security Services (NSS) Update (CVE-2014-1545, CVE-2014-1541, CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538)\r\n\u2022\t Xorg-X11 Update (CVE-2013-2005, CVE-2013-2002)\r\n\u2022\tGnuTLS SSL Verification Vulnerability (CVE-2014-0092)\r\n\u2022\tPango Security Update (CVE-2011-0020, CVE-2011-0064)\r\n\u2022\tD-Bus Denial of Service (CVE-2014-3638,CVE-2014-3639)\r\n\u2022\tPerl Denial of Service (CVE-2014-4330)\r\nCVSSv2 Base Score: Refer to NVD (http://nvd.nist.gov) for individual scores for each CVE listed above\r\n\r\nFor more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the NVD database\u2019s search utility at http://web.nvd.nist.gov/view/vuln/search\r\n\r\nResolution: \r\nThe following Unisphere Central release contains resolutions to the above issues:\r\n\u2022\tUnisphere Central version 4.0.\r\n\r\nEMC strongly recommends all customers upgrade at the earliest opportunity. Contact EMC Unisphere Central customer support to download the required upgrades. \r\n\r\nLink to remedies:\r\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/products/28224_Unisphere-Central\r\n\r\n\r\nIf you have any questions, please contact EMC Support.\r\n\r\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \r\n\r\n\r\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.\r\n\r\nEMC Product Security Response Center\r\nsecurity_alert@emc.com\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 (Cygwin)\r\n\r\niEYEARECAAYFAlTKSaIACgkQtjd2rKp+ALzINgCg01qlCrN0carogi8MwnbjGNrP\r\n6oIAnRiS6bIIqnGmGN0c+ayX74Qad4vY\r\n=5UIE\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2015-02-02T00:00:00", "title": "ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-2635", "CVE-2014-1536", "CVE-2013-1797", "CVE-2014-4208", "CVE-2014-3508", "CVE-2014-4262", "CVE-2014-3566", "CVE-2014-2397", "CVE-2014-2490", "CVE-2013-1767", "CVE-2015-0512", "CVE-2012-6548", "CVE-2014-4263", "CVE-2014-0457", "CVE-2014-0455", "CVE-2014-0446", "CVE-2013-0268", "CVE-2013-0160", "CVE-2014-3613", "CVE-2014-4218", "CVE-2013-1848", "CVE-2014-1538", "CVE-2014-4221", "CVE-2014-2420", "CVE-2013-2005", "CVE-2014-3638", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-3507", "CVE-2013-1860", "CVE-2014-4268", "CVE-2014-1537", "CVE-2014-2413", "CVE-2014-0076", "CVE-2014-4265", "CVE-2014-3513", "CVE-2013-1792", "CVE-2013-4242", "CVE-2014-0454", "CVE-2014-0224", "CVE-2014-0453", "CVE-2014-0432", "CVE-2014-4266", "CVE-2012-2137", "CVE-2014-0461", "CVE-2014-3511", "CVE-2011-3389", "CVE-2014-0459", "CVE-2014-0456", "CVE-2014-4244", "CVE-2013-1772", "CVE-2014-1534", "CVE-2013-0349", "CVE-2014-0429", "CVE-2013-1774", "CVE-2014-0463", "CVE-2014-3470", "CVE-2014-3506", "CVE-2014-1545", "CVE-2013-0311", "CVE-2014-4209", "CVE-2014-0464", "CVE-2014-0139", "CVE-2014-0092", "CVE-2014-2403", "CVE-2011-0020", "CVE-2010-5107", "CVE-2014-0449", "CVE-2014-2412", "CVE-2014-2428", "CVE-2010-5298", "CVE-2013-0231", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-0448", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-4216", "CVE-2014-2401", "CVE-2014-3567", "CVE-2014-0015", "CVE-2014-3620", "CVE-2013-0913", "CVE-2014-4264", "CVE-2014-2422", "CVE-2014-4330", "CVE-2014-4220", "CVE-2012-6085", "CVE-2014-3512", "CVE-2013-2002", "CVE-2013-1901", "CVE-2014-3510", "CVE-2012-6549", "CVE-2014-2423", "CVE-2014-1541", "CVE-2014-2410", "CVE-2013-1902", "CVE-2013-0914", "CVE-2014-2483", "CVE-2013-2634", "CVE-2012-5885", "CVE-2014-3568", "CVE-2014-1533", "CVE-2014-4227", "CVE-2014-2409", "CVE-2014-4247", "CVE-2013-0216", "CVE-2014-4252", "CVE-2013-1796", "CVE-2014-0138", "CVE-2014-4219", "CVE-2013-1798", "CVE-2013-1900", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-3509", "CVE-2014-5139", "CVE-2014-2414", "CVE-2014-4223", "CVE-2011-0064", "CVE-2013-1899", "CVE-2014-3639", "CVE-2014-0221", "CVE-2014-2402"], "modified": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31682", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31682", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T11:57:20", "description": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", "cvss3": {}, "published": "2014-02-02T00:55:00", "type": "cve", "title": "CVE-2014-0015", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2018-10-09T19:35:00", "cpe": ["cpe:/a:haxx:curl:7.22.0", "cpe:/a:haxx:libcurl:7.21.2", "cpe:/a:haxx:libcurl:7.12.2", "cpe:/a:haxx:curl:7.16.2", "cpe:/a:haxx:curl:7.15.2", "cpe:/a:haxx:libcurl:7.10.6", "cpe:/a:haxx:curl:7.16.4", "cpe:/a:haxx:curl:7.11.2", "cpe:/a:haxx:curl:7.19.3", "cpe:/a:haxx:curl:7.21.7", "cpe:/a:haxx:libcurl:7.34.0", "cpe:/a:haxx:curl:7.12.1", "cpe:/a:haxx:curl:7.10.7", "cpe:/a:haxx:libcurl:7.21.1", "cpe:/a:haxx:curl:7.21.6", "cpe:/a:haxx:libcurl:7.28.0", "cpe:/a:haxx:libcurl:7.25.0", "cpe:/a:haxx:libcurl:7.32.0", "cpe:/a:haxx:curl:7.23.1", "cpe:/a:haxx:libcurl:7.12.3", "cpe:/a:haxx:libcurl:7.19.4", "cpe:/a:haxx:libcurl:7.15.0", "cpe:/a:haxx:curl:7.27.0", "cpe:/a:haxx:curl:7.30.0", "cpe:/a:haxx:libcurl:7.21.5", "cpe:/a:haxx:curl:7.13.1", "cpe:/a:haxx:curl:7.24.0", "cpe:/a:haxx:curl:7.11.0", "cpe:/a:haxx:curl:7.13.0", "cpe:/a:haxx:curl:7.18.1", "cpe:/a:haxx:libcurl:7.13.0", "cpe:/a:haxx:libcurl:7.24.0", "cpe:/a:haxx:libcurl:7.21.4", "cpe:/a:haxx:curl:7.21.5", "cpe:/a:haxx:libcurl:7.33.0", "cpe:/a:haxx:libcurl:7.20.0", "cpe:/a:haxx:libcurl:7.21.3", "cpe:/a:haxx:libcurl:7.23.0", "cpe:/a:haxx:curl:7.21.3", "cpe:/a:haxx:curl:7.17.0", "cpe:/a:haxx:curl:7.12.3", "cpe:/a:haxx:curl:7.20.0", "cpe:/a:haxx:curl:7.11.1", "cpe:/a:haxx:libcurl:7.28.1", "cpe:/a:haxx:curl:7.20.1", "cpe:/a:haxx:libcurl:7.17.0", "cpe:/a:haxx:libcurl:7.18.0", "cpe:/a:haxx:libcurl:7.16.3", "cpe:/a:haxx:libcurl:7.19.3", "cpe:/a:haxx:curl:7.15.4", "cpe:/a:haxx:curl:7.34.0", "cpe:/a:haxx:libcurl:7.19.6", "cpe:/a:haxx:libcurl:7.21.7", "cpe:/a:haxx:libcurl:7.26.0", "cpe:/a:haxx:libcurl:7.11.1", "cpe:/a:haxx:curl:7.16.3", "cpe:/a:haxx:libcurl:7.12.0", "cpe:/a:haxx:curl:7.23.0", "cpe:/a:haxx:curl:7.19.4", "cpe:/a:haxx:curl:7.16.0", "cpe:/a:haxx:libcurl:7.14.1", "cpe:/a:haxx:libcurl:7.15.2", "cpe:/a:haxx:curl:7.19.2", "cpe:/a:haxx:curl:7.28.0", "cpe:/a:haxx:curl:7.14.0", "cpe:/a:haxx:curl:7.21.0", "cpe:/a:haxx:libcurl:7.21.6", "cpe:/a:haxx:curl:7.21.4", "cpe:/a:haxx:libcurl:7.16.2", "cpe:/a:haxx:libcurl:7.19.5", "cpe:/a:haxx:libcurl:7.15.3", "cpe:/a:haxx:curl:7.15.1", "cpe:/a:haxx:libcurl:7.13.2", "cpe:/a:haxx:curl:7.13.2", "cpe:/a:haxx:libcurl:7.15.1", "cpe:/a:haxx:curl:7.10.6", "cpe:/a:haxx:libcurl:7.12.1", "cpe:/a:haxx:curl:7.16.1", "cpe:/a:haxx:curl:7.33.0", "cpe:/a:haxx:curl:7.19.6", "cpe:/a:haxx:curl:7.14.1", "cpe:/a:haxx:libcurl:7.19.2", "cpe:/a:haxx:curl:7.12.2", "cpe:/a:haxx:libcurl:7.16.1", "cpe:/a:haxx:libcurl:7.18.1", "cpe:/a:haxx:libcurl:7.21.0", "cpe:/a:haxx:curl:7.15.3", "cpe:/a:haxx:curl:7.18.2", "cpe:/a:haxx:curl:7.12.0", "cpe:/a:haxx:curl:7.19.5", "cpe:/a:haxx:curl:7.19.1", "cpe:/a:haxx:curl:7.32.0", "cpe:/a:haxx:libcurl:7.15.5", "cpe:/a:haxx:libcurl:7.10.8", "cpe:/a:haxx:libcurl:7.22.0", "cpe:/a:haxx:libcurl:7.27.0", "cpe:/a:haxx:curl:7.21.1", "cpe:/a:haxx:libcurl:7.30.0", "cpe:/a:haxx:libcurl:7.20.1", "cpe:/a:haxx:curl:7.19.7", "cpe:/a:haxx:curl:7.28.1", "cpe:/a:haxx:libcurl:7.23.1", "cpe:/a:haxx:libcurl:7.14.0", "cpe:/a:haxx:curl:7.10.8", "cpe:/a:haxx:curl:7.25.0", "cpe:/a:haxx:curl:7.18.0", "cpe:/a:haxx:libcurl:7.16.0", "cpe:/a:haxx:libcurl:7.19.7", "cpe:/a:haxx:libcurl:7.19.1", "cpe:/a:haxx:libcurl:7.18.2", "cpe:/a:haxx:curl:7.26.0", "cpe:/a:haxx:libcurl:7.31.0", "cpe:/a:haxx:libcurl:7.17.1", "cpe:/a:haxx:curl:7.21.2", "cpe:/a:haxx:curl:7.17.1", "cpe:/a:haxx:libcurl:7.10.7", "cpe:/a:haxx:libcurl:7.29.0", "cpe:/a:haxx:curl:7.15.5", "cpe:/a:haxx:curl:7.15.0", "cpe:/a:haxx:libcurl:7.13.1", "cpe:/a:haxx:libcurl:7.11.0", "cpe:/a:haxx:libcurl:7.19.0", "cpe:/a:haxx:curl:7.29.0", "cpe:/a:haxx:libcurl:7.15.4", "cpe:/a:haxx:libcurl:7.16.4", "cpe:/a:haxx:curl:7.19.0", "cpe:/a:haxx:curl:7.31.0", "cpe:/a:haxx:libcurl:7.11.2"], "id": "CVE-2014-0015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0015", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:25:48", "description": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", "cvss3": {}, "published": "2015-04-24T14:59:00", "type": "cve", "title": "CVE-2015-3143", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2015-3143"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:haxx:curl:7.21.3", "cpe:/a:haxx:curl:7.19.7", "cpe:/o:apple:mac_os_x:10.10.3", "cpe:/a:haxx:libcurl:7.17.0", "cpe:/a:haxx:curl:7.16.2", "cpe:/a:haxx:curl:7.23.0", "cpe:/a:haxx:curl:7.19.0", "cpe:/a:haxx:curl:7.15.3", "cpe:/a:haxx:curl:7.13.1", "cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:haxx:libcurl:7.13.2", "cpe:/a:haxx:curl:7.15.4", "cpe:/a:haxx:libcurl:7.19.1", "cpe:/a:haxx:libcurl:7.19.7", "cpe:/a:haxx:libcurl:7.16.0", "cpe:/a:haxx:curl:7.15.0", "cpe:/a:haxx:libcurl:7.18.1", "cpe:/a:haxx:libcurl:7.25.0", "cpe:/a:haxx:libcurl:7.14.1", "cpe:/a:haxx:curl:7.39.0", "cpe:/a:haxx:libcurl:7.39", "cpe:/a:haxx:curl:7.27.0", "cpe:/a:haxx:libcurl:7.33.0", "cpe:/a:haxx:libcurl:7.16.1", "cpe:/a:haxx:curl:7.22.0", "cpe:/a:haxx:libcurl:7.22.0", "cpe:/a:haxx:libcurl:7.13.0", "cpe:/a:haxx:curl:7.21.6", "cpe:/a:haxx:libcurl:7.15.2", "cpe:/a:haxx:curl:7.40.0", "cpe:/a:haxx:curl:7.25.0", "cpe:/a:haxx:curl:7.12.3", "cpe:/a:haxx:libcurl:7.16.3", "cpe:/a:haxx:curl:7.20.0", "cpe:/a:haxx:libcurl:7.10.7", "cpe:/a:haxx:libcurl:7.19.5", "cpe:/a:haxx:libcurl:7.21.0", "cpe:/a:haxx:libcurl:7.21.6", "cpe:/a:haxx:curl:7.34.0", "cpe:/a:haxx:libcurl:7.15.4", "cpe:/a:haxx:libcurl:7.34.0", "cpe:/a:haxx:curl:7.32.0", "cpe:/a:haxx:libcurl:7.30.0", "cpe:/a:haxx:curl:7.36.0", "cpe:/a:haxx:libcurl:7.19.4", "cpe:/a:haxx:libcurl:7.28.1", "cpe:/a:haxx:libcurl:7.10.8", "cpe:/a:haxx:libcurl:7.16.4", "cpe:/a:haxx:libcurl:7.19.6", "cpe:/a:haxx:curl:7.16.4", "cpe:/a:haxx:libcurl:7.15.5", "cpe:/a:haxx:libcurl:7.21.4", "cpe:/a:haxx:curl:7.13.0", "cpe:/a:haxx:libcurl:7.14.0", "cpe:/a:haxx:curl:7.12.2", "cpe:/a:haxx:curl:7.18.1", "cpe:/a:haxx:curl:7.18.0", "cpe:/a:haxx:curl:7.20.1", "cpe:/a:haxx:curl:7.28.1", "cpe:/a:haxx:curl:7.11.2", "cpe:/a:haxx:curl:7.37.1", "cpe:/a:haxx:libcurl:7.23.0", "cpe:/a:haxx:libcurl:7.18.2", "cpe:/a:haxx:libcurl:7.19.0", "cpe:/a:haxx:curl:7.23.1", "cpe:/a:haxx:curl:7.15.1", "cpe:/a:haxx:libcurl:7.13.1", "cpe:/a:haxx:curl:7.21.5", "cpe:/a:haxx:libcurl:7.21.5", "cpe:/a:haxx:libcurl:7.15.3", "cpe:/a:haxx:libcurl:7.18.0", "cpe:/a:haxx:curl:7.19.6", "cpe:/a:haxx:libcurl:7.12.0", "cpe:/a:haxx:curl:7.12.1", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:haxx:curl:7.30.0", "cpe:/a:haxx:curl:7.29.0", "cpe:/a:haxx:libcurl:7.21.7", "cpe:/a:haxx:curl:7.21.7", "cpe:/a:haxx:libcurl:7.32.0", "cpe:/a:haxx:curl:7.21.1", "cpe:/a:haxx:libcurl:7.15.0", "cpe:/a:haxx:curl:7.19.5", "cpe:/a:haxx:curl:7.17.1", "cpe:/a:haxx:libcurl:7.29.0", "cpe:/o:apple:mac_os_x:10.10.0", "cpe:/a:haxx:curl:7.16.3", "cpe:/a:haxx:libcurl:7.40.0", "cpe:/a:haxx:libcurl:7.27.0", "cpe:/a:haxx:curl:7.19.4", "cpe:/a:haxx:libcurl:7.12.2", "cpe:/a:haxx:curl:7.10.7", "cpe:/a:haxx:libcurl:7.16.2", "cpe:/a:haxx:curl:7.35.0", "cpe:/a:haxx:curl:7.21.4", "cpe:/a:haxx:curl:7.19.2", "cpe:/a:haxx:curl:7.16.1", "cpe:/a:haxx:libcurl:7.10.6", "cpe:/a:haxx:curl:7.12.0", "cpe:/a:haxx:libcurl:7.26.0", "cpe:/a:haxx:libcurl:7.21.2", "cpe:/a:haxx:libcurl:7.21.3", "cpe:/a:haxx:curl:7.10.6", "cpe:/o:apple:mac_os_x:10.10.2", "cpe:/o:apple:mac_os_x:10.10.1", "cpe:/a:haxx:curl:7.21.2", "cpe:/a:haxx:libcurl:7.24.0", "cpe:/a:haxx:libcurl:7.37.1", "cpe:/a:haxx:libcurl:7.41.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:haxx:libcurl:7.19.3", "cpe:/a:haxx:curl:7.33.0", "cpe:/a:haxx:libcurl:7.11.2", "cpe:/a:haxx:curl:7.15.2", "cpe:/a:haxx:curl:7.13.2", "cpe:/a:haxx:libcurl:7.35.0", "cpe:/a:haxx:libcurl:7.19.2", "cpe:/a:haxx:curl:7.41.0", "cpe:/a:haxx:libcurl:7.23.1", "cpe:/a:haxx:libcurl:7.36.0", "cpe:/a:haxx:libcurl:7.17.1", "cpe:/a:haxx:curl:7.15.5", "cpe:/a:haxx:libcurl:7.31.0", "cpe:/a:haxx:libcurl:7.15.1", "cpe:/a:haxx:libcurl:7.28.0", "cpe:/a:haxx:curl:7.10.8", "cpe:/a:haxx:curl:7.14.1", "cpe:/a:haxx:curl:7.28.0", "cpe:/a:haxx:curl:7.19.3", "cpe:/a:haxx:libcurl:7.38.0", "cpe:/a:haxx:curl:7.24.0", "cpe:/a:haxx:curl:7.26.0", "cpe:/a:haxx:curl:7.17.0", "cpe:/a:haxx:curl:7.19.1", "cpe:/a:haxx:libcurl:7.12.1", "cpe:/a:haxx:curl:7.11.1", "cpe:/a:haxx:libcurl:7.37.0", "cpe:/a:haxx:curl:7.31.0", "cpe:/a:haxx:curl:7.18.2", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:haxx:curl:7.21.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/a:haxx:libcurl:7.11.0", "cpe:/a:hp:system_management_homepage:7.5.3.1", "cpe:/a:haxx:libcurl:7.12.3", "cpe:/a:haxx:libcurl:7.20.1", "cpe:/a:haxx:libcurl:7.21.1", "cpe:/a:haxx:curl:7.11.0", "cpe:/a:haxx:libcurl:7.11.1", "cpe:/a:haxx:curl:7.38.0", "cpe:/a:haxx:curl:7.14.0", "cpe:/o:apple:mac_os_x:10.9.5", "cpe:/a:haxx:curl:7.16.0", "cpe:/a:haxx:libcurl:7.20.0", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "CVE-2015-3143", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:hp:system_management_homepage:7.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:00:25", "description": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.", "cvss3": {}, "published": "2014-04-15T14:55:00", "type": "cve", "title": "CVE-2014-0138", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2018-10-09T19:36:00", "cpe": ["cpe:/a:haxx:curl:7.22.0", "cpe:/a:haxx:libcurl:7.12.2", "cpe:/a:haxx:libcurl:7.21.2", "cpe:/a:haxx:curl:7.16.2", "cpe:/a:haxx:curl:7.15.2", "cpe:/a:haxx:libcurl:7.10.6", "cpe:/a:haxx:curl:7.16.4", "cpe:/a:haxx:curl:7.11.2", "cpe:/a:haxx:curl:7.19.3", "cpe:/a:haxx:curl:7.21.7", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:haxx:libcurl:7.34.0", "cpe:/a:haxx:curl:7.10.7", "cpe:/a:haxx:curl:7.12.1", "cpe:/a:haxx:curl:7.21.6", "cpe:/a:haxx:libcurl:7.21.1", "cpe:/a:haxx:libcurl:7.28.0", "cpe:/a:haxx:libcurl:7.25.0", "cpe:/a:haxx:libcurl:7.32.0", "cpe:/a:haxx:curl:7.23.1", "cpe:/a:haxx:libcurl:7.12.3", "cpe:/a:haxx:curl:7.35.0", "cpe:/a:haxx:libcurl:7.19.4", "cpe:/a:haxx:libcurl:7.15.0", "cpe:/a:haxx:curl:7.27.0", "cpe:/a:haxx:curl:7.30.0", "cpe:/a:haxx:libcurl:7.21.5", "cpe:/a:haxx:curl:7.13.1", "cpe:/a:haxx:curl:7.24.0", "cpe:/a:haxx:curl:7.11.0", "cpe:/a:haxx:curl:7.13.0", "cpe:/a:haxx:curl:7.18.1", "cpe:/a:haxx:libcurl:7.13.0", "cpe:/a:haxx:libcurl:7.24.0", "cpe:/a:haxx:libcurl:7.21.4", "cpe:/a:haxx:curl:7.21.5", "cpe:/a:haxx:libcurl:7.33.0", "cpe:/a:haxx:libcurl:7.20.0", "cpe:/a:haxx:curl:7.21.3", "cpe:/a:haxx:libcurl:7.23.0", "cpe:/a:haxx:libcurl:7.21.3", "cpe:/a:haxx:curl:7.17.0", "cpe:/a:haxx:curl:7.12.3", "cpe:/a:haxx:curl:7.20.0", "cpe:/a:haxx:curl:7.11.1", "cpe:/a:haxx:libcurl:7.28.1", "cpe:/a:haxx:curl:7.20.1", "cpe:/a:haxx:libcurl:7.17.0", "cpe:/a:haxx:libcurl:7.18.0", "cpe:/a:haxx:libcurl:7.16.3", "cpe:/a:haxx:curl:7.15.4", "cpe:/a:haxx:libcurl:7.19.3", "cpe:/a:haxx:curl:7.34.0", "cpe:/a:haxx:libcurl:7.19.6", "cpe:/a:haxx:libcurl:7.21.7", "cpe:/a:haxx:libcurl:7.11.1", "cpe:/a:haxx:curl:7.16.3", "cpe:/a:haxx:curl:7.23.0", "cpe:/a:haxx:libcurl:7.26.0", "cpe:/a:haxx:libcurl:7.12.0", "cpe:/a:haxx:libcurl:7.35.0", "cpe:/a:haxx:curl:7.19.2", "cpe:/a:haxx:curl:7.19.4", "cpe:/a:haxx:libcurl:7.14.1", "cpe:/a:haxx:libcurl:7.15.2", "cpe:/a:haxx:curl:7.16.0", "cpe:/a:haxx:curl:7.28.0", "cpe:/a:haxx:curl:7.14.0", "cpe:/a:haxx:curl:7.21.0", "cpe:/a:haxx:libcurl:7.21.6", "cpe:/a:haxx:curl:7.21.4", "cpe:/a:haxx:libcurl:7.19.5", "cpe:/a:haxx:libcurl:7.15.3", "cpe:/a:haxx:libcurl:7.16.2", "cpe:/a:haxx:curl:7.15.1", "cpe:/a:haxx:libcurl:7.13.2", "cpe:/a:haxx:curl:7.13.2", "cpe:/a:haxx:libcurl:7.15.1", "cpe:/a:haxx:curl:7.10.6", "cpe:/a:haxx:libcurl:7.12.1", "cpe:/a:haxx:curl:7.16.1", "cpe:/a:haxx:curl:7.33.0", "cpe:/a:haxx:curl:7.19.6", "cpe:/a:haxx:curl:7.14.1", "cpe:/a:haxx:curl:7.12.2", "cpe:/a:haxx:libcurl:7.19.2", "cpe:/a:haxx:libcurl:7.16.1", "cpe:/a:haxx:libcurl:7.18.1", "cpe:/a:haxx:libcurl:7.21.0", "cpe:/a:haxx:curl:7.15.3", "cpe:/a:haxx:curl:7.18.2", "cpe:/a:haxx:curl:7.12.0", "cpe:/a:haxx:curl:7.19.5", "cpe:/a:haxx:curl:7.19.1", "cpe:/a:haxx:curl:7.32.0", "cpe:/a:haxx:libcurl:7.15.5", "cpe:/a:haxx:libcurl:7.10.8", "cpe:/a:haxx:libcurl:7.22.0", "cpe:/a:haxx:libcurl:7.27.0", "cpe:/a:haxx:curl:7.21.1", "cpe:/a:haxx:libcurl:7.30.0", "cpe:/a:haxx:curl:7.19.7", "cpe:/a:haxx:libcurl:7.20.1", "cpe:/a:haxx:curl:7.28.1", "cpe:/a:haxx:libcurl:7.23.1", "cpe:/a:haxx:curl:7.10.8", "cpe:/a:haxx:curl:7.25.0", "cpe:/a:haxx:libcurl:7.14.0", "cpe:/a:haxx:curl:7.18.0", "cpe:/a:haxx:libcurl:7.16.0", "cpe:/a:haxx:libcurl:7.18.2", "cpe:/a:haxx:libcurl:7.19.7", "cpe:/a:haxx:libcurl:7.19.1", "cpe:/a:haxx:curl:7.26.0", "cpe:/a:haxx:curl:7.21.2", "cpe:/a:haxx:libcurl:7.17.1", "cpe:/a:haxx:libcurl:7.31.0", "cpe:/a:haxx:curl:7.17.1", "cpe:/a:haxx:libcurl:7.10.7", "cpe:/a:haxx:curl:7.15.5", "cpe:/a:haxx:libcurl:7.29.0", "cpe:/a:haxx:curl:7.15.0", "cpe:/a:haxx:libcurl:7.13.1", "cpe:/a:haxx:libcurl:7.11.0", "cpe:/a:haxx:libcurl:7.19.0", "cpe:/a:haxx:curl:7.29.0", "cpe:/a:haxx:libcurl:7.15.4", "cpe:/a:haxx:curl:7.19.0", "cpe:/a:haxx:libcurl:7.16.4", "cpe:/a:haxx:curl:7.31.0", "cpe:/a:haxx:libcurl:7.11.2"], "id": "CVE-2014-0138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0138", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:57:57", "description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-01-29T20:59:00", "type": "cve", "title": "CVE-2016-0755", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755"], "modified": "2018-10-17T01:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:haxx:curl:7.46.0", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2016-0755", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0755", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-04T11:17:24", "description": "Check for the Version of curl", "cvss3": {}, "published": "2014-02-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-2097-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841706", "href": "http://plugins.openvas.org/nasl.php?oid=841706", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2097_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for curl USN-2097-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841706);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-11 10:45:57 +0530 (Tue, 11 Feb 2014)\");\n script_cve_id(\"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Ubuntu Update for curl USN-2097-1\");\n\n tag_insight = \"Paras Sethia and Yehezkel Horowitz discovered that libcurl\nincorrectly reused connections when NTLM authentication was being used. This\ncould lead to the use of unintended credentials, possibly exposing sensitive\ninformation.\";\n\n tag_affected = \"curl on Ubuntu 13.10 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2097-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2097-1/\");\n script_summary(\"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.22.0-3ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.22.0-3ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.22.0-3ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.19.7-1ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.19.7-1ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.32.0-1ubuntu1.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.32.0-1ubuntu1.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.32.0-1ubuntu1.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.27.0-1ubuntu1.8\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.27.0-1ubuntu1.8\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.27.0-1ubuntu1.8\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:48:35", "description": "Paras Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.", "cvss3": {}, "published": "2014-01-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2849-1 (curl - information disclosure)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:702849", "href": "http://plugins.openvas.org/nasl.php?oid=702849", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2849.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2849-1 using nvtgen 1.0\n# Script version: 1.3\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"curl on Debian Linux\";\ntag_insight = \"curl is a client to get files from servers using any of the supported\nprotocols. The command is designed to work without user interaction\nor any kind of interactivity.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze7.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.35.0-1.\n\nWe recommend that you upgrade your curl packages.\";\ntag_summary = \"Paras Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702849);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-0015\");\n script_name(\"Debian Security Advisory DSA 2849-1 (curl - information disclosure)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-01-31 00:00:00 +0100 (Fri, 31 Jan 2014)\");\n script_tag(name: \"cvss_base\", value:\"4.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2849.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:48:24", "description": "Check for the Version of curl", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-1876", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867314", "href": "http://plugins.openvas.org/nasl.php?oid=867314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-1876\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867314);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 19:00:47 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-1876\");\n\n tag_insight = \"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\n\";\n\n tag_affected = \"curl on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-1876\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html\");\n script_summary(\"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~4.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:43", "description": "Paras Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.", "cvss3": {}, "published": "2014-01-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2849-1 (curl - information disclosure)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702849", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2849.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2849-1 using nvtgen 1.0\n# Script version: 1.3\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702849\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0015\");\n script_name(\"Debian Security Advisory DSA 2849-1 (curl - information disclosure)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-31 00:00:00 +0100 (Fri, 31 Jan 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2849.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"curl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze7.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.35.0-1.\n\nWe recommend that you upgrade your curl packages.\");\n script_tag(name:\"summary\", value:\"Paras Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.21.0-2.1+squeeze7\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"curl\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-dbg\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-gnutls-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-nss-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcurl4-openssl-dev\", ver:\"7.26.0-1+wheezy8\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-1876", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-1876\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867314\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 19:00:47 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-1876\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-1876\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~4.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T23:01:08", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120160", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120160\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:51 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-295)\");\n script_tag(name:\"insight\", value:\"cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.\");\n script_tag(name:\"solution\", value:\"Run yum update curl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-295.html\");\n script_cve_id(\"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.35.0~2.42.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.35.0~2.42.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.35.0~2.42.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.35.0~2.42.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for curl USN-2097-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841706", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841706", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2097_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for curl USN-2097-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841706\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-11 10:45:57 +0530 (Tue, 11 Feb 2014)\");\n script_cve_id(\"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:N\");\n script_name(\"Ubuntu Update for curl USN-2097-1\");\n\n script_tag(name:\"affected\", value:\"curl on Ubuntu 13.10,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Paras Sethia and Yehezkel Horowitz discovered that libcurl\nincorrectly reused connections when NTLM authentication was being used. This\ncould lead to the use of unintended credentials, possibly exposing sensitive\ninformation.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2097-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2097-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|13\\.10|12\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.22.0-3ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.22.0-3ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.22.0-3ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.19.7-1ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.19.7-1ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3:i386\", ver:\"7.32.0-1ubuntu1.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls:i386\", ver:\"7.32.0-1ubuntu1.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss:i386\", ver:\"7.32.0-1ubuntu1.3\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libcurl3\", ver:\"7.27.0-1ubuntu1.8\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-gnutls\", ver:\"7.27.0-1ubuntu1.8\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcurl3-nss\", ver:\"7.27.0-1ubuntu1.8\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-02T00:00:00", "type": "openvas", "title": "RedHat Update for curl RHSA-2014:0561-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871169", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for curl RHSA-2014:0561-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871169\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-02 17:46:36 +0530 (Mon, 02 Jun 2014)\");\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"RedHat Update for curl RHSA-2014:0561-01\");\n\n\n script_tag(name:\"affected\", value:\"curl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"cURL provides the libcurl library and a command line tool for downloading\nfiles from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for\nrequests that should have used different or no authentication credentials,\nwhen using one of the following protocols: HTTP(S) with NTLM\nauthentication, LDAP(S), SCP, or SFTP. If an application using the libcurl\nlibrary connected to a remote server with certain authentication\ncredentials, this flaw could cause other requests to use those same\ncredentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues.\nUpstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of\nthis issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs:\n\n * Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted in a\nwrite after close and consequent leakage of memory dynamically allocated by\nthe SSL library. An upstream patch has been applied on libcurl to fix this\nbug. As a result, the write after close no longer happens, and the SSL\nlibrary no longer leaks memory. (BZ#1092479)\n\n * Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based on\nlibcurl's multi API. To fix this bug, the non-blocking SSL handshake has\nbeen implemented by libcurl. With this update, libcurl's multi API\nimmediately returns the control back to the application whenever it cannot\nread/write data from/to the underlying network socket. (BZ#1092480)\n\n * Previously, the curl package could not be rebuilt from sources due to an\nexpired cookie in the upstream test-suite, which runs during the build. An\nupstream patch has been applied to postpone the expiration date of the\ncookie, which makes it possible to rebuild the package from sources again.\n(BZ#1092486)\n\n * Previously, the libcurl library attempted to authenticate using Kerberos\nwhenever such an authentication method was offered by the server. This\ncaused problems when the server offered multiple authentication methods and\nKerberos was not the selected one. An upstream patch has been applied on\nlibcurl to fix this bug. Now libcurl no longer uses Kerberos authentication\nif another authentication method is selected. (BZ#1096797)\n\nAl ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0561-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-May/msg00035.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_5.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.19.7~37.el6_5.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_5.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_5.3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-03-17T23:00:56", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-322)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120207", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120207\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:11 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-322)\");\n script_tag(name:\"insight\", value:\"The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015 .\");\n script_tag(name:\"solution\", value:\"Run yum update curl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-322.html\");\n script_cve_id(\"CVE-2014-0138\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.36.0~2.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.36.0~2.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.36.0~2.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.36.0~2.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:40", "description": "Oracle Linux Local Security Checks ELSA-2014-0561", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0561", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0561.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123409\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:25 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0561\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0561 - curl security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0561\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0561.html\");\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_5.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_5.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_5.3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-4436", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867657", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-4436\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867657\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:22:12 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0138\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-4436\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4436\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130927.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:48:34", "description": "Check for the Version of curl", "cvss3": {}, "published": "2014-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-4436", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867657", "href": "http://plugins.openvas.org/nasl.php?oid=867657", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-4436\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867657);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:22:12 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0138\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-4436\");\n\n tag_insight = \"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\n\";\n\n tag_affected = \"curl on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4436\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130927.html\");\n script_summary(\"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-01-27T18:35:45", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1696)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0755", "CVE-2014-0015"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191696", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1696\");\n script_version(\"2020-01-23T12:20:13+0000\");\n script_cve_id(\"CVE-2016-0755\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:20:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1696)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1696\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1696\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1696 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h12\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h12\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T22:57:32", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-02-11T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-652)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0755", "CVE-2014-0015"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120642", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120642\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-02-11 07:16:49 +0200 (Thu, 11 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-652)\");\n script_tag(name:\"insight\", value:\"The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015 . (CVE-2016-0755 )\");\n script_tag(name:\"solution\", value:\"Run yum update curl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-652.html\");\n script_cve_id(\"CVE-2016-0755\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.40.0~8.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.40.0~8.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"curl-debuginfo\", rpm:\"curl-debuginfo~7.40.0~8.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.40.0~8.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-1864", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2013-2174"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867512", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-1864\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867512\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-17 11:38:26 +0530 (Mon, 17 Feb 2014)\");\n script_cve_id(\"CVE-2014-0015\", \"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for curl FEDORA-2014-1864\");\n script_tag(name:\"affected\", value:\"curl on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-1864\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~13.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:29", "description": "Check for the Version of curl", "cvss3": {}, "published": "2014-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-1864", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2013-2174"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867512", "href": "http://plugins.openvas.org/nasl.php?oid=867512", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-1864\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867512);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-17 11:38:26 +0530 (Mon, 17 Feb 2014)\");\n script_cve_id(\"CVE-2014-0015\", \"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for curl FEDORA-2014-1864\");\n\n tag_insight = \"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\n\";\n\n tag_affected = \"curl on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-1864\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html\");\n script_summary(\"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~13.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-06-02T00:00:00", "type": "openvas", "title": "CentOS Update for curl CESA-2014:0561 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for curl CESA-2014:0561 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881936\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-02 13:43:01 +0530 (Mon, 02 Jun 2014)\");\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-0138\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"CentOS Update for curl CESA-2014:0561 centos6\");\n\n script_tag(name:\"affected\", value:\"curl on CentOS 6\");\n script_tag(name:\"insight\", value:\"cURL provides the libcurl library and a command line tool\nfor downloading files from servers using various protocols, including HTTP,\nFTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for\nrequests that should have used different or no authentication credentials,\nwhen using one of the following protocols: HTTP(S) with NTLM\nauthentication, LDAP(S), SCP, or SFTP. If an application using the libcurl\nlibrary connected to a remote server with certain authentication\ncredentials, this flaw could cause other requests to use those same\ncredentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues.\nUpstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of\nthis issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs:\n\n * Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted in a\nwrite after close and consequent leakage of memory dynamically allocated by\nthe SSL library. An upstream patch has been applied on libcurl to fix this\nbug. As a result, the write after close no longer happens, and the SSL\nlibrary no longer leaks memory. (BZ#1092479)\n\n * Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based on\nlibcurl's multi API. To fix this bug, the non-blocking SSL handshake has\nbeen implemented by libcurl. With this update, libcurl's multi API\nimmediately returns the control back to the application whenever it cannot\nread/write data from/to the underlying network socket. (BZ#1092480)\n\n * Previously, the curl package could not be rebuilt from sources due to an\nexpired cookie in the upstream test-suite, which runs during the build. An\nupstream patch has been applied to postpone the expiration date of the\ncookie, which makes it possible to rebuild the package from sources again.\n(BZ#1092486)\n\n * Previously, the libcurl library attempted to authenticate using Kerberos\nwhenever such an authentication method was offered by the server. This\ncaused problems when the server offered multiple authentication methods and\nKerberos was not the selected one. An upstream patch has been applied on\nlibcurl to fix this bug. Now libcurl no longer uses Kerberos authentication\nif another authentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications that use libcurl have to be restarted for this update to\ntake effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0561\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-May/020321.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.19.7~37.el6_5.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.19.7~37.el6_5.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.19.7~37.el6_5.3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-25T10:48:20", "description": "Check for the Version of curl", "cvss3": {}, "published": "2014-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-4449", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2013-2174", "CVE-2014-0138"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867656", "href": "http://plugins.openvas.org/nasl.php?oid=867656", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-4449\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867656);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:18:51 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0138\", \"CVE-2014-0015\", \"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for curl FEDORA-2014-4449\");\n\n tag_insight = \"curl is a command line tool for transferring data with URL syntax, supporting\nFTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,\nSMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP\nuploading, HTTP form based upload, proxies, cookies, user+password\nauthentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer\nresume, proxy tunneling and a busload of other useful tricks.\n\";\n\n tag_affected = \"curl on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4449\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130856.html\");\n script_summary(\"Check for the Version of curl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~17.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-04-03T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-4449", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2013-2174", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867656", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-4449\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867656\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 11:18:51 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-0138\", \"CVE-2014-0015\", \"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for curl FEDORA-2014-4449\");\n script_tag(name:\"affected\", value:\"curl on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4449\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130856.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~17.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-09-14T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-10741", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-0015", "CVE-2014-3620", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868185", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868185", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-10741\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868185\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-14 05:54:31 +0200 (Sun, 14 Sep 2014)\");\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-10741\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-10741\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137656.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~13.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:33:04", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1665)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407", "CVE-2016-0755", "CVE-2014-0015", "CVE-2018-16842"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191665", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1665\");\n script_version(\"2020-01-23T12:19:22+0000\");\n script_cve_id(\"CVE-2016-0755\", \"CVE-2017-7407\", \"CVE-2018-16842\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:19:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:19:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1665)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1665\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1665\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1665 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\nThe ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~46.h13.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "description": "Check the version of curl", "cvss3": {}, "published": "2014-11-11T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-14354", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868469", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-14354\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868469\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-11 06:21:24 +0100 (Tue, 11 Nov 2014)\");\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-14354\");\n script_tag(name:\"summary\", value:\"Check the version of curl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-14354\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143271.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~15.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:33", "description": "Check the version of curl", "cvss3": {}, "published": "2014-10-09T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-10714", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-0015", "CVE-2014-3620", "CVE-2013-2174", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868370", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868370", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-10714\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868370\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-09 06:00:42 +0200 (Thu, 09 Oct 2014)\");\n script_cve_id(\"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\", \"CVE-2014-0015\", \"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for curl FEDORA-2014-10714\");\n script_tag(name:\"summary\", value:\"Check the version of curl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-10714\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140147.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~23.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:31", "description": "Check the version of curl", "cvss3": {}, "published": "2014-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-15706", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-15706\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868525\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-02 05:21:56 +0100 (Tue, 02 Dec 2014)\");\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-15706\");\n script_tag(name:\"summary\", value:\"Check the version of curl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-15706\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145016.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~16.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:42", "description": "Check the version of curl", "cvss3": {}, "published": "2014-12-14T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-16538", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-16538\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868581\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-14 05:56:11 +0100 (Sun, 14 Dec 2014)\");\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\",\n \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2014-16538\");\n script_tag(name:\"summary\", value:\"Check the version of curl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16538\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146090.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~17.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-27T18:36:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-2054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7407", "CVE-2019-5436", "CVE-2016-0755", "CVE-2014-0015", "CVE-2018-16842"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192054", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2054\");\n script_version(\"2020-01-23T12:32:33+0000\");\n script_cve_id(\"CVE-2016-0755\", \"CVE-2017-7407\", \"CVE-2018-16842\", \"CVE-2019-5436\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:32:33 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:32:33 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-2054)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2054\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2054\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-2054 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.(CVE-2019-5436)\n\nThe ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.(CVE-2017-7407)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nThe ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h25\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h25\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h25\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-11T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2015-0418", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-8150", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2015-0418\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868913\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-11 06:21:48 +0100 (Sun, 11 Jan 2015)\");\n script_cve_id(\"CVE-2014-8150\", \"CVE-2014-3707\", \"CVE-2014-3613\", \"CVE-2014-3620\",\n \"CVE-2014-0138\", \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Fedora Update for curl FEDORA-2015-0418\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-0418\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~18.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-01-05T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2014-16690", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2013-2174", "CVE-2014-0138"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868827", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2014-16690\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868827\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:56:42 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-3707\", \"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\",\n \"CVE-2014-0015\", \"CVE-2013-2174\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for curl FEDORA-2014-16690\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16690\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147371.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~27.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:33", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-2410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8625", "CVE-2016-0755", "CVE-2015-3153", "CVE-2014-0015", "CVE-2019-5482", "CVE-2018-16842"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192410", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2410\");\n script_version(\"2020-01-23T12:53:53+0000\");\n script_cve_id(\"CVE-2015-3153\", \"CVE-2016-0755\", \"CVE-2016-8625\", \"CVE-2018-16842\", \"CVE-2019-5482\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:53:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:53:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-2410)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2410\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2410\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-2410 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.(CVE-2015-3153)\n\ncurl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.(CVE-2016-8625)\n\nHeap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\nCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.(CVE-2018-16842)\n\nThe ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.(CVE-2016-0755)\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~35.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~35.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl-devel\", rpm:\"libcurl-devel~7.29.0~35.h30\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "description": "VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation\n issue and security vulnerabilities in third-party libraries.", "cvss3": {}, "published": "2014-12-05T00:00:00", "type": "openvas", "title": "VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities (remote check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "modified": "2018-11-19T00:00:00", "id": "OPENVAS:1361412562310105134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105134", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2014-0012_remote.nasl 12419 2018-11-19 13:45:13Z cfischer $\n#\n# VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities (remote check)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105134\");\n script_cve_id(\"CVE-2014-3797\", \"CVE-2014-8371\", \"CVE-2013-2877\", \"CVE-2014-0191\", \"CVE-2014-0015\",\n \"CVE-2014-0138\", \"CVE-2013-1752\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 12419 $\");\n script_name(\"VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities (remote check)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-19 14:45:13 +0100 (Mon, 19 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-05 11:32:51 +0100 (Fri, 05 Dec 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esx_web_detect.nasl\");\n script_mandatory_keys(\"VMware/ESX/build\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"a. VMware vCSA cross-site scripting vulnerability\n VMware vCenter Server Appliance (vCSA) contains a vulnerability that may\n allow for Cross Site Scripting. Exploitation of this vulnerability in\n vCenter Server requires tricking a user to click on a malicious link or\n to open a malicious web page while they are logged in into vCenter.\n\n b. vCenter Server certificate validation issue\n vCenter Server does not properly validate the presented certificate\n when establishing a connection to a CIM Server residing on an ESXi\n host. This may allow for a Man-in-the-middle attack against the CIM service.\n\n c. Update to ESXi libxml2 package\n libxml2 is updated to address multiple security issues.\n\n d. Update to ESXi Curl package\n Curl is updated to address multiple security issues.\n\n e. Update to ESXi Python package\n Python is updated to address multiple security issues.\n\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\n\n Oracle has documented the CVE identifiers that are addressed in JRE\n 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory\n of July 2014.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation\n issue and security vulnerabilities in third-party libraries.\");\n\n script_tag(name:\"affected\", value:\"VMware vCenter Server Appliance 5.1 Prior to Update 3\n\n VMware vCenter Server 5.5 prior to Update 2\n\n VMware vCenter Server 5.1 prior to Update 3\n\n VMware vCenter Server 5.0 prior to Update 3c\n\n VMware ESXi 5.1 without patch ESXi510-201412101-SG\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\n\nif( ! esxVersion = get_kb_item( \"VMware/ESX/version\" ) ) exit( 0 );\nif( ! esxBuild = get_kb_item( \"VMware/ESX/build\" ) ) exit( 0 );\n\nfixed_builds = make_array( \"5.1.0\", \"2323231\" );\n\nif( ! fixed_builds[esxVersion] ) exit( 0 );\n\nif( int( esxBuild ) < int( fixed_builds[esxVersion] ) ) {\n security_message( port:0, data:esxi_remote_report( ver:esxVersion, build:esxBuild, fixed_build:fixed_builds[esxVersion] ) );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:33", "description": "VMware vCenter product updates address a Cross Site Scripting issue, a certificate validation\n issue and security vulnerabilities in third-party libraries.", "cvss3": {}, "published": "2014-12-05T00:00:00", "type": "openvas", "title": "VMSA-2014-0012: VMware vCenter product updates address security vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "modified": "2018-11-19T00:00:00", "id": "OPENVAS:1361412562310105135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105135", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vcenter_VMSA-2014-0012.nasl 12419 2018-11-19 13:45:13Z cfischer $\n#\n# VMSA-2014-0012: VMware vCenter product updates address security vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105135\");\n script_cve_id(\"CVE-2014-3797\", \"CVE-2014-8371\", \"CVE-2013-2877\", \"CVE-2014-0191\", \"CVE-2014-0015\",\n \"CVE-2014-0138\", \"CVE-2013-1752\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"$Revision: 12419 $\");\n script_name(\"VMSA-2014-0012: VMware vCenter product updates address security vulnerabilities\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-19 14:45:13 +0100 (Mon, 19 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-05 11:33:51 +0100 (Fri, 05 Dec 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_vcenter_detect.nasl\");\n script_mandatory_keys(\"VMware_vCenter/version\", \"VMware_vCenter/build\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"a. VMware vCSA cross-site scripting vulnerability\n VMware vCenter Server Appliance (vCSA) contains a vulnerability that may\n allow for Cross Site Scripting. Exploitation of this vulnerability in\n vCenter Server requires tricking a user to click on a malicious link or\n to open a malicious web page while they are logged in into vCenter.\n\n b. vCenter Server certificate validation issue\n vCenter Server does not properly validate the presented certificate\n when establishing a connection to a CIM Server residing on an ESXi\n host. This may allow for a Man-in-the-middle attack against the CIM\n service.\n\n c. Update to ESXi libxml2 package\n libxml2 is updated to address multiple security issues.\n\n d. Update to ESXi Curl package\n Curl is updated to address multiple security issues.\n\n e. Update to ESXi Python package\n Python is updated to address multiple security issues.\n\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\n\n Oracle has documented the CVE identifiers that are addressed in JRE\n 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vCenter product updates address a Cross Site Scripting issue, a certificate validation\n issue and security vulnerabilities in third-party libraries.\");\n\n script_tag(name:\"affected\", value:\"VMware vCenter Server Appliance 5.1 Prior to Update 3\n\n VMware vCenter Server 5.5 prior to Update 2\n\n VMware vCenter Server 5.1 prior to Update 3\n\n VMware vCenter Server 5.0 prior to Update 3c\n\n VMware ESXi 5.1 without patch ESXi510-201412101-SG\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\n\nif ( ! vcenter_version = get_kb_item(\"VMware_vCenter/version\") ) exit( 0 );\nif ( ! vcenter_build = get_kb_item(\"VMware_vCenter/build\") ) exit( 0 );\n\nfixed_builds = make_array( \"5.1.0\", \"2308385\" );\n\nif ( ! fixed_builds[ vcenter_version] ) exit( 0 );\n\nif ( int( vcenter_build ) < int( fixed_builds[ vcenter_version ] ) ) {\n security_message( port:0, data:esxi_remote_report( ver:vcenter_version, build:vcenter_build, fixed_build:fixed_builds[vcenter_version], typ:'vCenter' ) );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-12-19T16:07:00", "description": "VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation\n issue and security vulnerabilities in third-party libraries.", "cvss3": {}, "published": "2014-12-05T00:00:00", "type": "openvas", "title": "VMware ESXi product updates address security vulnerabilities (VMSA-2014-0012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310105133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105133", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105133\");\n script_cve_id(\"CVE-2014-3797\", \"CVE-2014-8371\", \"CVE-2013-2877\", \"CVE-2014-0191\", \"CVE-2014-0015\",\n \"CVE-2014-0138\", \"CVE-2013-1752\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi product updates address security vulnerabilities (VMSA-2014-0012)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-05 11:31:51 +0100 (Fri, 05 Dec 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"insight\", value:\"a. VMware vCSA cross-site scripting vulnerability\n VMware vCenter Server Appliance (vCSA) contains a vulnerability that may\n allow for Cross Site Scripting. Exploitation of this vulnerability in\n vCenter Server requires tricking a user to click on a malicious link or\n to open a malicious web page while they are logged in into vCenter.\n\n b. vCenter Server certificate validation issue\n vCenter Server does not properly validate the presented certificate\n when establishing a connection to a CIM Server residing on an ESXi\n host. This may allow for a Man-in-the-middle attack against the CIM\n service.\n\n c. Update to ESXi libxml2 package\n libxml2 is updated to address multiple security issues.\n\n d. Update to ESXi Curl package\n Curl is updated to address multiple security issues.\n\n e. Update to ESXi Python package\n Python is updated to address multiple security issues.\n\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\n\n Oracle has documented the CVE identifiers that are addressed in JRE\n 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation\n issue and security vulnerabilities in third-party libraries.\");\n\n script_tag(name:\"affected\", value:\"VMware ESXi 5.1 without patch ESXi510-201412101-SG.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"5.1.0\", \"VIB:esx-base:5.1.0-3.50.2323231\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-04-29T00:00:00", "type": "openvas", "title": "Fedora Update for curl FEDORA-2015-6712", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-8150", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2015-3145", "CVE-2015-3143", "CVE-2014-0138", "CVE-2015-3148"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for curl FEDORA-2015-6712\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869308\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-29 05:26:56 +0200 (Wed, 29 Apr 2015)\");\n script_cve_id(\"CVE-2015-3143\", \"CVE-2015-3145\", \"CVE-2015-3148\", \"CVE-2014-8150\",\n \"CVE-2014-3707\", \"CVE-2014-3613\", \"CVE-2014-3620\", \"CVE-2014-0138\",\n \"CVE-2014-0015\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for curl FEDORA-2015-6712\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'curl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"curl on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6712\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.32.0~20.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:02:58", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2014-09-19T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities -01 Sep14", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1357", "CVE-2014-1381", "CVE-2014-1380", "CVE-2014-1317", "CVE-2014-1378", "CVE-2014-1358", "CVE-2014-0015", "CVE-2014-1359", "CVE-2014-1375", "CVE-2014-1355", "CVE-2014-1356"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804846", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities -01 Sep14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804846\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0015\", \"CVE-2014-1317\", \"CVE-2014-1375\", \"CVE-2014-1378\",\n \"CVE-2014-1355\", \"CVE-2014-1359\", \"CVE-2014-1356\", \"CVE-2014-1357\",\n \"CVE-2014-1358\", \"CVE-2014-1380\", \"CVE-2014-1381\");\n script_bugtraq_id(65270, 68272, 68272, 68272, 68274, 68274, 68274, 68274,\n 68274, 68272, 68272);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-09-19 10:06:15 +0530 (Fri, 19 Sep 2014)\");\n\n script_name(\"Apple Mac OS X Multiple Vulnerabilities -01 Sep14\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist. For more details\n refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass security restrictions, disclose sensitive information,\n compromise the affected system, conduct privilege escalation and denial of\n service attacks.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version before 10.9.4\");\n\n script_tag(name:\"solution\", value:\"Run Mac Updates. Please see the references for more information.\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1338\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6296\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1030505\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.9\\.\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_in_range(version:osVer, test_version:\"10.9.0\", test_version2:\"10.9.3\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"10.9.0 - 10.9.3\");\n security_message(port:0, data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:25", "description": "Junos OS is prone to multiple vulnerabilities in\ncURL and libcurl.", "cvss3": {}, "published": "2016-05-07T00:00:00", "type": "openvas", "title": "Junos Multiple cURL and libcurl Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3613", "CVE-2014-8150", "CVE-2015-3153", "CVE-2015-3144", "CVE-2014-3707", "CVE-2014-0015", "CVE-2014-3620", "CVE-2015-3145", "CVE-2015-3143", "CVE-2014-8151", "CVE-2015-3148"], "modified": "2018-10-25T00:00:00", "id": "OPENVAS:1361412562310106069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106069", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_JSA10743.nasl 12096 2018-10-25 12:26:02Z asteins $\n#\n# Junos Multiple cURL and libcurl Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106069\");\n script_version(\"$Revision: 12096 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-25 14:26:02 +0200 (Thu, 25 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-07 00:05:01 +0200 (Sat, 07 May 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2015-3144\", \"CVE-2015-3145\", \"CVE-2014-8151\", \"CVE-2014-3613\",\n \"CVE-2014-3620\", \"CVE-2015-3143\", \"CVE-2015-3148\", \"CVE-2015-3153\",\n \"CVE-2014-3707\", \"CVE-2014-8150\", \"CVE-2014-0015\");\n\n script_name(\"Junos Multiple cURL and libcurl Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to multiple vulnerabilities in\ncURL and libcurl.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Junos OS have been\nresolved by updating cURL and libcurl library. These are used to support downloading\nupdates or importing data into a Junos device.\n\nLibcurl and cURL were upgraded from 7.36.0 to 7.42.1\");\n\n script_tag(name:\"impact\", value:\"The vulnerabilities range from denial of service attacks\nuntil information disclosure. Please check the according CVE resources for more details.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10743\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^12\") {\n if (revcomp(a: version, b: \"12.1X46-D50\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X46-D50\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.1X47-D40\") < 0) &&\n (revcomp(a: version, b: \"12.1X47\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.1X47-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3R11\") < 0) &&\n (revcomp(a: version, b: \"12.3\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3R11\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3X48-D30\") < 0) &&\n (revcomp(a: version, b: \"12.3X48\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"12.3X48-D30\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a: version, b: \"13.2R9\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.2R9\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"13.2X51-D39\") < 0) &&\n (revcomp(a: version, b: \"13.2X51\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.2X51-D39\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"13.3R8\") < 0) &&\n (revcomp(a: version, b: \"13.3\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"13.3R8\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R6\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1R6\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.1X53-D30\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.1X53-D30\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R5\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"14.2R5\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^15\") {\n if (revcomp(a: version, b: \"15.1R2\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D40\") < 0) &&\n (revcomp(a: version, b: \"14.1X49\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X49-D40\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D35\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X53-D35\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8623", "CVE-2018-1000120", "CVE-2016-8615", "CVE-2014-3613", "CVE-2014-8150", "CVE-2016-8618", "CVE-2018-1000121", "CVE-2016-7141", "CVE-2017-8817", "CVE-2016-8617", "CVE-2018-1000122", "CVE-2013-1944", "CVE-2016-8622", "CVE-2017-1000257", "CVE-2014-0015", "CVE-2016-8624", "CVE-2016-9586", "CVE-2016-5419", "CVE-2014-0138", "CVE-2016-8621"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191549", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1549\");\n script_version(\"2020-01-23T14:23:06+0000\");\n script_cve_id(\"CVE-2013-1944\", \"CVE-2014-0015\", \"CVE-2014-0138\", \"CVE-2014-3613\", \"CVE-2014-8150\", \"CVE-2016-5419\", \"CVE-2016-7141\", \"CVE-2016-8615\", \"CVE-2016-8617\", \"CVE-2016-8618\", \"CVE-2016-8621\", \"CVE-2016-8622\", \"CVE-2016-8623\", \"CVE-2016-8624\", \"CVE-2016-9586\", \"CVE-2017-1000257\", \"CVE-2017-8817\", \"CVE-2018-1000120\", \"CVE-2018-1000121\", \"CVE-2018-1000122\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:23:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:12:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1549)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1549\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1549\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'curl' package(s) announced via the EulerOS-SA-2019-1549 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121)\n\nIt was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120)\n\nA flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.(CVE-2016-8623)\n\nThe URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.(CVE-2016-8622)\n\nIt was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5419)\n\nA buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257)\n\ncurl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.(CVE-2016-8624)\n\nThe `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.(CVE-2016-8621)\n\nA buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122)\n\ncurl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.(CVE-2016-9586)\n\nThe FTP wildcard function in curl and libcurl before 7.57. ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'curl' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"curl\", rpm:\"curl~7.29.0~46.h10\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libcurl\", rpm:\"libcurl~7.29.0~46.h10\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:52:21", "description": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication\nmethod is enabled, re-uses NTLM connections, which might allow\ncontext-dependent attackers to authenticate as other users via a request.", "cvss3": {}, "published": "2014-01-31T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0015", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2014-01-31T00:00:00", "id": "UB:CVE-2014-0015", "href": "https://ubuntu.com/security/CVE-2014-0015", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "slackware": [{"lastseen": "2019-05-30T07:37:29", "description": "New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/curl-7.35.0-i486-1_slack14.1.txz: Upgraded.\n This update fixes a flaw where libcurl could, in some circumstances, reuse\n the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS\n request.\n For more information, see:\n http://curl.haxx.se/docs/adv_20140129.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.35.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.35.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.35.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.35.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.35.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.35.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.35.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.35.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.35.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.35.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.35.0-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.35.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n08912169b59fa0b024a844abaca29e6f curl-7.35.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\ne1bbd6533504ae48901fe07744513d8b curl-7.35.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n12e66cca566dc0ff279f44e74c810012 curl-7.35.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n20ea769b61df981015743adc4f7322f4 curl-7.35.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n0462c2439896e16dae20e4838f2e770b curl-7.35.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n1c758a10531b08a36d8fcd3ea074c105 curl-7.35.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nfddac12eef8bf903a8371d23edff8b97 curl-7.35.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n24fae3d8cf2f850080820145331772b4 curl-7.35.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nb51b7e0da95663e5f7990b952738d357 curl-7.35.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n9124b23d5155506ff672c145c235589d curl-7.35.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n2f4e6a8216f2627b6b05c0a867159599 n/curl-7.35.0-i486-1.txz\n\nSlackware x86_64 -current package:\nfb3cdb6ff3996586f747a9ff6b8a393a n/curl-7.35.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg curl-7.35.0-i486-1_slack14.1.txz", "cvss3": {}, "published": "2014-02-13T16:38:20", "type": "slackware", "title": "curl", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0015"], "modified": "2014-02-13T16:38:20", "id": "SSA-2014-044-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.502652", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2021-07-25T19:32:06", "description": "**Issue Overview:**\n\ncURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 curl-7.35.0-2.42.amzn1.i686 \n \u00a0\u00a0\u00a0 libcurl-7.35.0-2.42.amzn1.i686 \n \u00a0\u00a0\u00a0 libcurl-devel-7.35.0-2.42.amzn1.i686 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.35.0-2.42.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 curl-7.35.0-2.42.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 curl-7.35.0-2.42.amzn1.x86_64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.35.0-2.42.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.35.0-2.42.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-7.35.0-2.42.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2014-02-26T16:51:00", "type": "amazon", "title": "Medium: curl", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2014-09-16T22:33:00", "id": "ALAS-2014-295", "href": "https://alas.aws.amazon.com/ALAS-2014-295.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-07-25T19:28:48", "description": "**Issue Overview:**\n\nThe ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. (CVE-2016-0755)\n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 libcurl-devel-7.40.0-8.54.amzn1.i686 \n \u00a0\u00a0\u00a0 curl-7.40.0-8.54.amzn1.i686 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.40.0-8.54.amzn1.i686 \n \u00a0\u00a0\u00a0 libcurl-7.40.0-8.54.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 curl-7.40.0-8.54.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 libcurl-devel-7.40.0-8.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-7.40.0-8.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.40.0-8.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 curl-7.40.0-8.54.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2016-02-09T13:30:00", "type": "amazon", "title": "Low: curl", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755"], "modified": "2016-02-09T13:30:00", "id": "ALAS-2016-652", "href": "https://alas.aws.amazon.com/ALAS-2016-652.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-25T19:31:51", "description": "**Issue Overview:**\n\nThe default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. \n\n \n**Affected Packages:** \n\n\ncurl\n\n \n**Issue Correction:** \nRun _yum update curl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 curl-7.36.0-2.44.amzn1.i686 \n \u00a0\u00a0\u00a0 libcurl-devel-7.36.0-2.44.amzn1.i686 \n \u00a0\u00a0\u00a0 curl-debuginfo-7.36.0-2.44.amzn1.i686 \n \u00a0\u00a0\u00a0 libcurl-7.36.0-2.44.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 curl-7.36.0-2.44.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 curl-debuginfo-7.36.0-2.44.amzn1.x86_64 \n \u00a0\u00a0\u00a0 curl-7.36.0-2.44.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-7.36.0-2.44.amzn1.x86_64 \n \u00a0\u00a0\u00a0 libcurl-devel-7.36.0-2.44.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2014-04-10T23:54:00", "type": "amazon", "title": "Medium: curl", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-09-18T00:20:00", "id": "ALAS-2014-322", "href": "https://alas.aws.amazon.com/ALAS-2014-322.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-05-11T23:33:47", "description": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", "cvss3": {}, "published": "2014-02-02T00:55:00", "type": "debiancve", "title": "CVE-2014-0015", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2014-02-02T00:55:00", "id": "DEBIANCVE:CVE-2014-0015", "href": "https://security-tracker.debian.org/tracker/CVE-2014-0015", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-11T23:33:47", "description": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.", "cvss3": {}, "published": "2014-04-15T14:55:00", "type": "debiancve", "title": "CVE-2014-0138", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-04-15T14:55:00", "id": "DEBIANCVE:CVE-2014-0138", "href": "https://security-tracker.debian.org/tracker/CVE-2014-0138", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-11T23:33:47", "description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2016-01-29T20:59:00", "type": "debiancve", "title": "CVE-2016-0755", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2016-0755"], "modified": "2016-01-29T20:59:00", "id": "DEBIANCVE:CVE-2016-0755", "href": "https://security-tracker.debian.org/tracker/CVE-2016-0755", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-11T23:33:47", "description": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", "cvss3": {}, "published": "2015-04-24T14:59:00", "type": "debiancve", "title": "CVE-2015-3143", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2015-3143"], "modified": "2015-04-24T14:59:00", "id": "DEBIANCVE:CVE-2015-3143", "href": "https://security-tracker.debian.org/tracker/CVE-2015-3143", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-21T23:23:40", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2849-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nVulnerability : information disclosure\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2014-0015\n\nParas Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze7.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.35.0-1.\n\nWe recommend that you upgrade your curl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-01-31T07:47:19", "type": "debian", "title": "[SECURITY] [DSA 2849-1] curl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2014-01-31T07:47:19", "id": "DEBIAN:DSA-2849-1:56FB2", "href": "https://lists.debian.org/debian-security-announce/2014/msg00019.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "ubuntu": [{"lastseen": "2022-01-04T12:53:44", "description": "Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly \nreused connections when NTLM authentication was being used. This could lead \nto the use of unintended credentials, possibly exposing sensitive \ninformation.\n", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "ubuntu", "title": "curl vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015"], "modified": "2014-02-03T00:00:00", "id": "USN-2097-1", "href": "https://ubuntu.com/security/notices/USN-2097-1", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2021-10-19T18:40:01", "description": "cURL provides the libcurl library and a command line tool for downloading\nfiles from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for\nrequests that should have used different or no authentication credentials,\nwhen using one of the following protocols: HTTP(S) with NTLM\nauthentication, LDAP(S), SCP, or SFTP. If an application using the libcurl\nlibrary connected to a remote server with certain authentication\ncredentials, this flaw could cause other requests to use those same\ncredentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues.\nUpstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of\nthis issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs:\n\n* Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted in a\nwrite after close and consequent leakage of memory dynamically allocated by\nthe SSL library. An upstream patch has been applied on libcurl to fix this\nbug. As a result, the write after close no longer happens, and the SSL\nlibrary no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based on\nlibcurl's multi API. To fix this bug, the non-blocking SSL handshake has\nbeen implemented by libcurl. With this update, libcurl's multi API\nimmediately returns the control back to the application whenever it cannot\nread/write data from/to the underlying network socket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due to an\nexpired cookie in the upstream test-suite, which runs during the build. An\nupstream patch has been applied to postpone the expiration date of the\ncookie, which makes it possible to rebuild the package from sources again.\n(BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using Kerberos\nwhenever such an authentication method was offered by the server. This\ncaused problems when the server offered multiple authentication methods and\nKerberos was not the selected one. An upstream patch has been applied on\nlibcurl to fix this bug. Now libcurl no longer uses Kerberos authentication\nif another authentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications that use libcurl have to be restarted for this update to\ntake effect.\n", "cvss3": {}, "published": "2014-05-27T00:00:00", "type": "redhat", "title": "(RHSA-2014:0561) Moderate: curl security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2018-06-06T16:24:30", "id": "RHSA-2014:0561", "href": "https://access.redhat.com/errata/RHSA-2014:0561", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-19T20:38:46", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA flaw was found in the way the handle_rx() function handled large network\npackets when mergeable buffers were disabled. A privileged guest user could\nuse this flaw to crash the host or corrupt QEMU process memory on the host,\nwhich could potentially result in arbitrary code execution on the host with\nthe privileges of the QEMU process. (CVE-2014-0077)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0224. Upstream acknowledges KIKUCHI Masashi of Lepidum as the\noriginal reporter of CVE-2014-0224. The CVE-2014-0077 issue was discovered\nby Michael S. Tsirkin of Red Hat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2014-0015 and CVE-2014-0138 (curl issues)\n\nCVE-2014-2523 and CVE-2013-6383 (kernel issues)\n\nCVE-2014-0179 (libvirt issue)\n\nCVE-2010-5298, CVE-2014-0198, CVE-2014-0221, CVE-2014-0195, and\nCVE-2014-3470 (openssl issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2014-06-05T00:00:00", "type": "redhat", "title": "(RHSA-2014:0629) Important: rhev-hypervisor6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-5298", "CVE-2013-6383", "CVE-2014-0015", "CVE-2014-0077", "CVE-2014-0138", "CVE-2014-0179", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-2523", "CVE-2014-3470"], "modified": "2018-06-07T04:59:39", "id": "RHSA-2014:0629", "href": "https://access.redhat.com/errata/RHSA-2014:0629", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:32", "description": "[7.19.7-37.el6_5.3]\n- fix re-use of wrong HTTP NTLM connection (CVE-2014-0015)\n- fix connection re-use when using different log-in credentials (CVE-2014-0138)\n[7.19.7-37.el6_5.2]\n- fix authentication failure when server offers multiple auth options (#1096797)\n[7.19.7-37.el6_5.1]\n- refresh expired cookie in test172 from upstream test-suite (#1092486)\n- fix a memory leak caused by write after close (#1092479)\n- nss: implement non-blocking SSL handshake (#1092480)", "cvss3": {}, "published": "2014-05-27T00:00:00", "type": "oraclelinux", "title": "curl security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-05-27T00:00:00", "id": "ELSA-2014-0561", "href": "http://linux.oracle.com/errata/ELSA-2014-0561.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "f5": [{"lastseen": "2021-06-08T18:45:11", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**ARX**\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, do not enable the API functionality.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n", "cvss3": {}, "published": "2015-05-29T00:00:00", "type": "f5", "title": "SOL16704 - cURL and libcurl vulnerability CVE-2015-3143", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2015-3143"], "modified": "2016-08-24T00:00:00", "id": "SOL16704", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/700/sol16704.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-06-28T14:42:15", "description": "\nF5 Product Development has assigned ID 521026 (BIG-IP), ID 525347 (BIG-IQ), ID 525348 (Enterprise Manager), and ID 476510 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16704 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP DNS| 12.0.0| 12.1.0| | \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| cURL and libcurl* \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4 HF2| Low| cURL and libcurl* \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None| Low| cURL and libcurl* \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None| Low| cURL and libcurl* \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None| Low| cURL and libcurl* \nARX| 6.0.0 - 6.4.0| None| Low| cURL and libcurl \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| Low| cURL and libcurl \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| cURL and libcurl \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| cURL and libcurl \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| cURL and libcurl \nBIG-IQ ADC| 4.5.0| None| Low| cURL and libcurl \nLineRate| None| 2.4.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*****The cURL libraries and use of NTLM are not exposed in BIG-IP standard monitors. Custom EAV monitors, using cURL and NTLM, may be prone to this vulnerability.\n\n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity** value. Security Advisory articles published before this date do not list a **Severity** value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\n**ARX**\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, do not enable the API functionality.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "cvss3": {}, "published": "2015-05-29T22:02:00", "type": "f5", "title": "cURL and libcurl vulnerability CVE-2015-3143", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2015-3143"], "modified": "2018-02-06T01:02:00", "id": "F5:K16704", "href": "https://support.f5.com/csp/article/K16704", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:45:05", "description": "Recommended Action\n\n**BIG-IP, BIG-IQ, and Enterprise Manager**\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should avoid using the local **cURL** utility on the vulnerable system, if feasible. Additionally, you should only permit access to the system over a secure network and limit login access to trusted users. For more information about securing access to the system, refer to SOL13092: Overview of securing access to the BIG-IP system. \n\n\n**ARX**\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should only permit access to the ARX system over a secure network and limit login access to trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2014-11-25T00:00:00", "type": "f5", "title": "SOL15862 - Multiple cURL and libcurl vulnerabilities CVE-2014-0015, CVE-2014-0138, and CVE-2014-0139", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0139", "CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-11-25T00:00:00", "id": "SOL15862", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15862.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2022-02-27T11:54:03", "description": "**CentOS Errata and Security Advisory** CESA-2014:0561\n\n\ncURL provides the libcurl library and a command line tool for downloading\nfiles from servers using various protocols, including HTTP, FTP, and LDAP.\n\nIt was found that libcurl could incorrectly reuse existing connections for\nrequests that should have used different or no authentication credentials,\nwhen using one of the following protocols: HTTP(S) with NTLM\nauthentication, LDAP(S), SCP, or SFTP. If an application using the libcurl\nlibrary connected to a remote server with certain authentication\ncredentials, this flaw could cause other requests to use those same\ncredentials. (CVE-2014-0015, CVE-2014-0138)\n\nRed Hat would like to thank the cURL project for reporting these issues.\nUpstream acknowledges Paras Sethia as the original reporter of\nCVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of\nthis issue, and Steve Holme as the original reporter of CVE-2014-0138.\n\nThis update also fixes the following bugs:\n\n* Previously, the libcurl library was closing a network socket without\nfirst terminating the SSL connection using the socket. This resulted in a\nwrite after close and consequent leakage of memory dynamically allocated by\nthe SSL library. An upstream patch has been applied on libcurl to fix this\nbug. As a result, the write after close no longer happens, and the SSL\nlibrary no longer leaks memory. (BZ#1092479)\n\n* Previously, the libcurl library did not implement a non-blocking SSL\nhandshake, which negatively affected performance of applications based on\nlibcurl's multi API. To fix this bug, the non-blocking SSL handshake has\nbeen implemented by libcurl. With this update, libcurl's multi API\nimmediately returns the control back to the application whenever it cannot\nread/write data from/to the underlying network socket. (BZ#1092480)\n\n* Previously, the curl package could not be rebuilt from sources due to an\nexpired cookie in the upstream test-suite, which runs during the build. An\nupstream patch has been applied to postpone the expiration date of the\ncookie, which makes it possible to rebuild the package from sources again.\n(BZ#1092486)\n\n* Previously, the libcurl library attempted to authenticate using Kerberos\nwhenever such an authentication method was offered by the server. This\ncaused problems when the server offered multiple authentication methods and\nKerberos was not the selected one. An upstream patch has been applied on\nlibcurl to fix this bug. Now libcurl no longer uses Kerberos authentication\nif another authentication method is selected. (BZ#1096797)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. All running\napplications that use libcurl have to be restarted for this update to\ntake effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2014-May/057240.html\n\n**Affected packages:**\ncurl\nlibcurl\nlibcurl-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2014:0561", "cvss3": {}, "published": "2014-05-28T12:52:04", "type": "centos", "title": "curl, libcurl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138"], "modified": "2014-05-28T12:52:04", "id": "CESA-2014:0561", "href": "https://lists.centos.org/pipermail/centos-announce/2014-May/057240.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user (CVE-2014-0015). libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials (CVE-2014-0138). libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139). \n", "cvss3": {}, "published": "2014-04-03T00:56:35", "type": "mageia", "title": "Updated curl packages fix multiple vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139"], "modified": "2014-04-03T00:56:35", "id": "MGASA-2014-0153", "href": "https://advisories.mageia.org/MGASA-2014-0153.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:46", "description": "- CVE-2015-3143 (re-using authenticated connection when unauthenticated):\n\nlibcurl keeps a pool of its last few connections around after use to\nfascilitate easy, conventient and completely transparent connection\nre-use for applications. When doing HTTP requests NTLM authenticated,\nthe entire connnection becomes authenticated and not just the specific\nHTTP request which is otherwise how HTTP works. This makes NTLM special\nand a subject for special treatment in the code. With NTLM, once the\nconnection is authenticated, no further authentication is necessary\nuntil the connection gets closed. libcurl's connection re-use logic will\nselect an existing connection for re-use when asked to do a request, and\nwhen asked to use NTLM libcurl have to pick a connection with matching\ncredentials only. If a connection was first setup and used for an NTLM\nHTTP request with a specific set of credentials, that same connection\ncould later wrongly get re-used in a subsequent HTTP request that was\nmade to the same host - but without having any credentials set! Since an\nNTLM connection was already authenticated due to how NTLM works, the\nsubsequent request could then get sent over the wrong connection\nappearing as the initial user. This problem is very similar to the\nprevious problem known as CVE-2014-0015. The main difference this time\nis that the subsequent request that wrongly re-use a connection doesn't\nask for NTLM authentication.\n\n- CVE-2015-3144 (host name out of boundary memory access):\n\nThere is a private function in libcurl called fix_hostname() that\nremoves a trailing dot from the host name if there is one. The function\nis called after the host name has been extracted from the URL libcurl\nhas been told to act on. If a URL is given with a zero-length host name,\nlike in "<A HREF=\"http://:80\">http://:80</A>" or just ":80", fix_hostname() will index the host\nname pointer with a -1 offset (as it blindly assumes a non-zero length)\nand both read and assign that address. At best, this gets unnoticed but\ncan also lead to a crash or worse. We have not researched further what\nkind of malicious actions that potentially this could be used for.\n\n- CVE-2015-3145 (cookie parser out of boundary memory access):\n\nlibcurl supports HTTP "cookies" as documented in RFC 6265. Together with\neach individual cookie there are several different properties, but for\nthis vulnerability we focus on the associated "path" element. It tells\ninformation about for which path on a given host the cookies is valid.\nThe internal libcurl function called sanitize_cookie_path() that cleans\nup the path element as given to it from a remote site or when read from\na file, did not properly validate the input. If given a path that\nconsisted of a single double-quote, libcurl would index a newly\nallocated memory area with index -1 and assign a zero to it, thus\ndestroying heap memory it wasn't supposed to. At best, this gets\nunnoticed but can also lead to a crash or worse. We have not researched\nfurther what kind of malicious actions that potentially this could be\nused for. Applications have to explicitly enable cookie parsing in\nlibcurl for this problem to trigger, and if not enabled libcurl will not\nhit this problem.\n\n- CVE-2015-3148 (negotiate not treated as connection-oriented):\n\nlibcurl keeps a pool of its last few connections around after use to\nfascilitate easy, conventient and completely transparent connection\nre-use for applications. When doing HTTP requests Negotiate\nauthenticated, the entire connnection may become authenticated and not\njust the specific HTTP request which is otherwise how HTTP works, as\nNegotiate can basically use NTLM under the hood. curl was not adhering\nto this fact but would assume that such requests would also be\nauthenticated per request. The net effect is that libcurl may end up\nre-using an authenticated Negotiate connection and sending subsequent\nrequests on it using new credentials, while the connection remains\nauthenticated with a previous initial credentials setup.", "edition": 2, "cvss3": {}, "published": "2015-04-24T00:00:00", "type": "archlinux", "title": "curl: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3144", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-04-24T00:00:00", "id": "ASA-201504-28", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2021-06-08T18:38:44", "description": "**a. VMware vCSA cross-site scripting vulnerability** \nVMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. \nVMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "cvss3": {}, "published": "2014-12-04T00:00:00", "type": "vmware", "title": "VMware vSphere product updates address security vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "modified": "2015-01-27T00:00:00", "id": "VMSA-2014-0012", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0012.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-05-26T00:56:42", "description": "a. VMware vCSA cross-site scripting vulnerabilityVMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.", "cvss3": {}, "published": "2014-12-04T00:00:00", "type": "vmware", "title": "VMware vSphere product updates address security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-2877", "CVE-2013-4238", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0191", "CVE-2014-3797", "CVE-2014-8371"], "modified": "2015-01-27T00:00:00", "id": "VMSA-2014-0012.1", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0012.1.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "oracle": [{"lastseen": "2020-10-04T21:16:02", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ https://blogs.oracle.com/security](<https://blogs.oracle.com/security>).\n\nPlease note that on October 16, 2014, Oracle released information for CVE-2014-3566 \"POODLE\" .Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "cvss3": {}, "published": "2015-03-10T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2015", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2003-0001", "CVE-2004-0230", "CVE-2010-5107", "CVE-2010-5298", "CVE-2011-1944", "CVE-2011-3368", "CVE-2011-3389", "CVE-2011-3607", "CVE-2011-4317", "CVE-2011-4461", "CVE-2012-0053", "CVE-2013-0338", "CVE-2013-1620", "CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-2186", "CVE-2013-2877", "CVE-2013-4286", "CVE-2013-4545", "CVE-2013-4784", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5704", "CVE-2013-6438", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0015", "CVE-2014-0050", "CVE-2014-0076", "CVE-2014-0098", "CVE-2014-0114", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0191", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1568", "CVE-2014-3470", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-4212", "CVE-2014-4259", "CVE-2014-4279", "CVE-2014-5704", "CVE-2014-6480", "CVE-2014-6481", "CVE-2014-6509", "CVE-2014-6510", "CVE-2014-6514", "CVE-2014-6518", "CVE-2014-6521", "CVE-2014-6524", "CVE-2014-6525", "CVE-2014-6526", "CVE-2014-6528", "CVE-2014-6541", "CVE-2014-6548", "CVE-2014-6549", "CVE-2014-6556", "CVE-2014-6565", "CVE-2014-6566", "CVE-2014-6567", "CVE-2014-6568", "CVE-2014-6569", "CVE-2014-6570", "CVE-2014-6571", "CVE-2014-6572", "CVE-2014-6573", "CVE-2014-6574", "CVE-2014-6575", "CVE-2014-6576", "CVE-2014-6577", "CVE-2014-6578", "CVE-2014-6579", "CVE-2014-6580", "CVE-2014-6581", "CVE-2014-6582", "CVE-2014-6583", "CVE-2014-6584", "CVE-2014-6585", "CVE-2014-6586", "CVE-2014-6587", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6591", "CVE-2014-6592", "CVE-2014-6593", "CVE-2014-6594", "CVE-2014-6595", "CVE-2014-6596", "CVE-2014-6597", "CVE-2014-6598", "CVE-2014-6599", "CVE-2014-6600", "CVE-2014-6601", "CVE-2015-0362", "CVE-2015-0363", "CVE-2015-0364", "CVE-2015-0365", "CVE-2015-0366", "CVE-2015-0367", "CVE-2015-0368", "CVE-2015-0369", "CVE-2015-0370", "CVE-2015-0371", "CVE-2015-0372", "CVE-2015-0373", "CVE-2015-0374", "CVE-2015-0375", "CVE-2015-0376", "CVE-2015-0377", "CVE-2015-0378", "CVE-2015-0379", "CVE-2015-0380", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0383", "CVE-2015-0384", "CVE-2015-0385", "CVE-2015-0386", "CVE-2015-0387", "CVE-2015-0388", "CVE-2015-0389", "CVE-2015-0390", "CVE-2015-0391", "CVE-2015-0392", "CVE-2015-0393", "CVE-2015-0394", "CVE-2015-0395", "CVE-2015-0396", "CVE-2015-0397", "CVE-2015-0398", "CVE-2015-0399", "CVE-2015-0400", "CVE-2015-0401", "CVE-2015-0402", "CVE-2015-0403", "CVE-2015-0404", "CVE-2015-0406", "CVE-2015-0407", "CVE-2015-0408", "CVE-2015-0409", "CVE-2015-0410", "CVE-2015-0411", "CVE-2015-0412", "CVE-2015-0413", "CVE-2015-0414", "CVE-2015-0415", "CVE-2015-0416", "CVE-2015-0417", "CVE-2015-0418", "CVE-2015-0419", "CVE-2015-0420", "CVE-2015-0421", "CVE-2015-0422", "CVE-2015-0424", "CVE-2015-0425", "CVE-2015-0426", "CVE-2015-0427", "CVE-2015-0428", "CVE-2015-0429", "CVE-2015-0430", "CVE-2015-0431", "CVE-2015-0432", "CVE-2015-0434", "CVE-2015-0435", "CVE-2015-0436", "CVE-2015-0437"], "modified": "2015-01-20T00:00:00", "id": "ORACLE:CPUJAN2015", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:48:57", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nPlease note that on October 16, 2014, Oracle released information for [CVE-2014-3566 \"POODLE\"](<http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "edition": 2, "cvss3": {}, "published": "2015-03-10T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - January 2015", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2011-4317", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-0231", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2013-6449", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2014-0076", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-5704", "CVE-2013-5605", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-1740", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-3470", "CVE-2012-0053", "CVE-2013-1739", "CVE-2014-6599", "CVE-2014-1492", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2013-5606", "CVE-2014-0114", "CVE-2015-0364", "CVE-2014-0050", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2014-0195", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-0198", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2014-0015", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2014-0118", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-1491", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-0117", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "modified": "2015-01-20T00:00:00", "id": "ORACLE:CPUJAN2015-1972971", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-08T18:53:03", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on May 15, 2015, Oracle released [Security Alert for CVE-2015-3456 (QEMU \"Venom\")](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "edition": 2, "cvss3": {}, "published": "2015-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - July 2015", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1926", "CVE-2015-1802", "CVE-2015-4000", "CVE-2015-2591", "CVE-2015-0443", "CVE-2015-1803", "CVE-2015-4771", "CVE-2015-2627", "CVE-2015-2615", "CVE-2014-3566", "CVE-2015-4764", "CVE-2015-4774", "CVE-2015-2601", "CVE-2015-4738", "CVE-2014-8098", "CVE-2015-0235", "CVE-2015-4729", "CVE-2015-1804", "CVE-2015-4751", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-4749", "CVE-2014-8092", "CVE-2015-4758", "CVE-2014-7809", "CVE-2015-2643", "CVE-2015-4770", "CVE-2015-4747", "CVE-2015-2661", "CVE-2015-4778", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-2617", "CVE-2015-4784", "CVE-2015-2664", "CVE-2015-2605", "CVE-2015-2597", "CVE-2015-4785", "CVE-2015-4732", "CVE-2015-2653", "CVE-2014-3572", "CVE-2014-3613", "CVE-2015-0206", "CVE-2014-0227", "CVE-2015-2595", "CVE-2015-4782", "CVE-2015-0286", "CVE-2015-3244", "CVE-2015-2648", "CVE-2015-2657", "CVE-2014-0230", "CVE-2014-8100", "CVE-2015-4789", "CVE-2015-2581", "CVE-2015-2613", "CVE-2015-2658", "CVE-2014-3571", "CVE-2015-4736", "CVE-2015-2599", "CVE-2013-2251", "CVE-2013-5704", "CVE-2015-4739", "CVE-2015-0288", "CVE-2015-4790", "CVE-2013-6422", "CVE-2015-2589", "CVE-2010-1324", "CVE-2015-2623", "CVE-2015-2631", "CVE-2010-4020", "CVE-2015-2596", "CVE-2015-4763", "CVE-2015-0285", "CVE-2015-4783", "CVE-2015-2620", "CVE-2015-2650", "CVE-2011-3389", "CVE-2015-2654", "CVE-2015-0207", "CVE-2015-2607", "CVE-2015-2639", "CVE-2015-2611", "CVE-2015-2645", "CVE-2015-2634", "CVE-2015-2594", "CVE-2014-8275", "CVE-2015-3456", "CVE-2015-0467", "CVE-2015-2584", "CVE-2015-0208", "CVE-2015-2808", "CVE-2013-0249", "CVE-2014-3570", "CVE-2015-2590", "CVE-2015-2656", "CVE-2015-2626", "CVE-2015-2628", "CVE-2015-4768", "CVE-2015-4761", "CVE-2015-4745", "CVE-2015-4750", "CVE-2014-0139", "CVE-2015-2635", "CVE-2015-4756", "CVE-2015-2647", "CVE-2014-3707", "CVE-2015-0293", "CVE-2015-2600", "CVE-2015-2580", "CVE-2014-8097", "CVE-2014-8101", "CVE-2015-2640", "CVE-2015-4733", "CVE-2015-2646", "CVE-2014-1568", "CVE-2015-2651", "CVE-2015-2603", "CVE-2014-8091", "CVE-2015-4765", "CVE-2015-2660", "CVE-2015-2604", "CVE-2015-0255", "CVE-2015-4772", "CVE-2015-2662", "CVE-2015-4735", "CVE-2015-0468", "CVE-2015-4779", "CVE-2015-0209", "CVE-2015-2585", "CVE-2013-2186", "CVE-2014-3567", "CVE-2015-2614", "CVE-2014-0015", "CVE-2015-4737", "CVE-2015-4776", "CVE-2015-4757", "CVE-2015-4728", "CVE-2015-2637", "CVE-2015-2606", "CVE-2015-4769", "CVE-2015-0204", "CVE-2015-2621", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-2638", "CVE-2015-4740", "CVE-2015-2619", "CVE-2015-4731", "CVE-2014-8095", "CVE-2015-4727", "CVE-2015-4741", "CVE-2015-2636", "CVE-2015-2659", "CVE-2015-2655", "CVE-2015-4775", "CVE-2015-4773", "CVE-2014-8102", "CVE-2015-0291", "CVE-2015-4746", "CVE-2015-2629", "CVE-2014-8096", "CVE-2015-4788", "CVE-2015-4755", "CVE-2015-2602", "CVE-2015-4748", "CVE-2015-0287", "CVE-2015-2622", "CVE-2015-2610", "CVE-2012-0036", "CVE-2013-2174", "CVE-2015-2663", "CVE-2015-4742", "CVE-2014-8093", "CVE-2015-0289", "CVE-2015-2652", "CVE-2015-4759", "CVE-2015-0446", "CVE-2015-0292", "CVE-2015-2582", "CVE-2015-4780", "CVE-2014-1569", "CVE-2015-4781", "CVE-2015-2618", "CVE-2015-2641", "CVE-2015-2593", "CVE-2015-4744", "CVE-2015-2598", "CVE-2014-0138", "CVE-2015-2587", "CVE-2015-2630", "CVE-2015-2592", "CVE-2015-4767", "CVE-2015-0290", "CVE-2015-2616", "CVE-2015-0205", "CVE-2015-2624", "CVE-2015-2609", "CVE-2015-4777", "CVE-2010-1323", "CVE-2015-1787", "CVE-2015-4754", "CVE-2014-3569", "CVE-2015-2588", "CVE-2015-4760", "CVE-2015-2583", "CVE-2015-4743", "CVE-2013-4545", "CVE-2015-4752", "CVE-2015-2586", "CVE-2015-4753", "CVE-2015-2649", "CVE-2015-2612", "CVE-2015-2644"], "modified": "2016-07-07T00:00:00", "id": "ORACLE:CPUJUL2015-2367936", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:16:01", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ https://blogs.oracle.com/security](<https://blogs.oracle.com/security/>).\n\n**Please note that on May 15, 2015, Oracle released Security Alert for CVE-2015-3456 (QEMU \"Venom\") .Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456.**\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "cvss3": {}, "published": "2015-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2015", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-1323", "CVE-2010-1324", "CVE-2010-4020", "CVE-2011-3389", "CVE-2012-0036", "CVE-2013-0249", "CVE-2013-2174", "CVE-2013-2186", "CVE-2013-2251", "CVE-2013-4545", "CVE-2013-5704", "CVE-2013-6422", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-1568", "CVE-2014-1569", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-7809", "CVE-2014-8091", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0255", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-0443", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-0446", "CVE-2015-0467", "CVE-2015-0468", "CVE-2015-1787", "CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804", "CVE-2015-1926", "CVE-2015-2580", "CVE-2015-2581", "CVE-2015-2582", "CVE-2015-2583", "CVE-2015-2584", "CVE-2015-2585", "CVE-2015-2586", "CVE-2015-2587", "CVE-2015-2588", "CVE-2015-2589", "CVE-2015-2590", "CVE-2015-2591", "CVE-2015-2592", "CVE-2015-2593", "CVE-2015-2594", "CVE-2015-2595", "CVE-2015-2596", "CVE-2015-2597", "CVE-2015-2598", "CVE-2015-2599", "CVE-2015-2600", "CVE-2015-2601", "CVE-2015-2602", "CVE-2015-2603", "CVE-2015-2604", "CVE-2015-2605", "CVE-2015-2606", "CVE-2015-2607", "CVE-2015-2609", "CVE-2015-2610", "CVE-2015-2611", "CVE-2015-2612", "CVE-2015-2613", "CVE-2015-2614", "CVE-2015-2615", "CVE-2015-2616", "CVE-2015-2617", "CVE-2015-2618", "CVE-2015-2619", "CVE-2015-2620", "CVE-2015-2621", "CVE-2015-2622", "CVE-2015-2623", "CVE-2015-2624", "CVE-2015-2625", "CVE-2015-2626", "CVE-2015-2627", "CVE-2015-2628", "CVE-2015-2629", "CVE-2015-2630", "CVE-2015-2631", "CVE-2015-2632", "CVE-2015-2634", "CVE-2015-2635", "CVE-2015-2636", "CVE-2015-2637", "CVE-2015-2638", "CVE-2015-2639", "CVE-2015-2640", "CVE-2015-2641", "CVE-2015-2643", "CVE-2015-2644", "CVE-2015-2645", "CVE-2015-2646", "CVE-2015-2647", "CVE-2015-2648", "CVE-2015-2649", "CVE-2015-2650", "CVE-2015-2651", "CVE-2015-2652", "CVE-2015-2653", "CVE-2015-2654", "CVE-2015-2655", "CVE-2015-2656", "CVE-2015-2657", "CVE-2015-2658", "CVE-2015-2659", "CVE-2015-2660", "CVE-2015-2661", "CVE-2015-2662", "CVE-2015-2663", "CVE-2015-2664", "CVE-2015-2808", "CVE-2015-3244", "CVE-2015-3456", "CVE-2015-4000", "CVE-2015-4727", "CVE-2015-4728", "CVE-2015-4729", "CVE-2015-4731", "CVE-2015-4732", "CVE-2015-4733", "CVE-2015-4735", "CVE-2015-4736", "CVE-2015-4737", "CVE-2015-4738", "CVE-2015-4739", "CVE-2015-4740", "CVE-2015-4741", "CVE-2015-4742", "CVE-2015-4743", "CVE-2015-4744", "CVE-2015-4745", "CVE-2015-4746", "CVE-2015-4747", "CVE-2015-4748", "CVE-2015-4749", "CVE-2015-4750", "CVE-2015-4751", "CVE-2015-4752", "CVE-2015-4753", "CVE-2015-4754", "CVE-2015-4755", "CVE-2015-4756", "CVE-2015-4757", "CVE-2015-4758", "CVE-2015-4759", "CVE-2015-4760", "CVE-2015-4761", "CVE-2015-4763", "CVE-2015-4764", "CVE-2015-4765", "CVE-2015-4767", "CVE-2015-4768", "CVE-2015-4769", "CVE-2015-4770", "CVE-2015-4771", "CVE-2015-4772", "CVE-2015-4773", "CVE-2015-4774", "CVE-2015-4775", "CVE-2015-4776", "CVE-2015-4777", "CVE-2015-4778", "CVE-2015-4779", "CVE-2015-4780", "CVE-2015-4781", "CVE-2015-4782", "CVE-2015-4783", "CVE-2015-4784", "CVE-2015-4785", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-4788", "CVE-2015-4789", "CVE-2015-4790"], "modified": "2016-07-07T00:00:00", "id": "ORACLE:CPUJUL2015", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
