6.8 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.008 Low
EPSS
Percentile
80.8%
Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could lead
to the use of unintended credentials, possibly exposing sensitive
information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | libcurl3-nss | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | curl | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | curl-udeb | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3 | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3-dbg | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3-gnutls | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl3-udeb | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl4-gnutls-dev | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl4-nss-dev | < 7.32.0-1ubuntu1.3 | UNKNOWN |
Ubuntu | 13.10 | noarch | libcurl4-openssl-dev | < 7.32.0-1ubuntu1.3 | UNKNOWN |