Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-3148
HistoryApr 22, 2015 - 12:00 a.m.

CVE-2015-3148

2015-04-2200:00:00
ubuntu.com
ubuntu.com
8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

77.0%

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated
Negotiate connections, which allows remote attackers to connect as other
users via a request.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchcurl< 7.22.0-3ubuntu4.14UNKNOWN
ubuntu14.04noarchcurl< 7.35.0-1ubuntu2.5UNKNOWN
ubuntu14.10noarchcurl< 7.37.1-1ubuntu3.4UNKNOWN
ubuntu15.04noarchcurl< 7.38.0-3ubuntu2.2UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

77.0%