CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
81.1%
Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could lead
to the use of unintended credentials, possibly exposing sensitive
information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | libcurl3-nss | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | curl | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | curl-udeb | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3 | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3-dbg | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3-gnutls | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3-udeb | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl4-gnutls-dev | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl4-nss-dev | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl4-openssl-dev | < 7.32.0-1ubuntu1.3 | UNKNOWN |