Lucene search

K

Veracode Vulnerability DatabaseVERACODE:10767

HistoryJan 15, 2019 - 8:51 a.m.

Authentication Bypass

2019-01-1508:51:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

libcurl.so is vulnerable to authentication bypasses. The library re-uses NTLM connections, allowing a malicious user to reuse a connection to bypass authentication.

CPENameOperatorVersion
curleq7.19.7__26.el6_2.4
curleq7.19.7__35.el6
curleq7.19.7__26.el6
curleq7.19.7__26.el6_1.1
curleq7.19.7__26.el6_1.2
curleq7.19.7__36.el6_4
curleq7.19.7__16.el6
libcurl.sole4.3.0

References

archives.neohapsis.com/archives/bugtraq/2014-06/0172.html

curl.haxx.se/docs/adv_20140129.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html

lists.opensuse.org/opensuse-updates/2014-02/msg00066.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/56728

secunia.com/advisories/56731

secunia.com/advisories/56734

secunia.com/advisories/56912

secunia.com/advisories/59458

secunia.com/advisories/59475

support.apple.com/kb/HT6296

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862

www.debian.org/security/2014/dsa-2849

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65270

www.securitytracker.com/id/1029710

www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.502652

www.ubuntu.com/usn/USN-2097-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1092486

bugzilla.redhat.com/show_bug.cgi?id=1096797

curl.haxx.se/docs/adv_20140129.html

github.com/curl/curl/commit/8ae35102c43d8d06572c3a1292eb6e27e663c78d

rhn.redhat.com/errata/RHSA-2014-0561.html

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

Related for VERACODE:10767

nessus32 fedora12 prion4 openvas41 securityvulns6 ubuntu1 cve4 debiancve4 slackware1 debian1 amazon3 seebug1 ubuntucve4 f54 oraclelinux1 redhat2 osv1 centos1 alpinelinux1 mageia1 ibm9 archlinux1 vmware2 oracle2