
CVE-2015-3236

Published: 22/06/2015 Updated: 17/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

cURL and libcurl 7.40.0 up to and including 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote malicious users to obtain sensitive information via unspecified vectors.

Vulnerable Product

haxx curl 7.42.1

haxx libcurl 7.40.0

haxx curl 7.40.0

haxx curl 7.41.0

haxx curl 7.42.0

haxx libcurl 7.42.1

haxx libcurl 7.41.0

haxx libcurl 7.42.0

Vendor Advisories

As discussed upstream (curl.haxx.se/docs/adv_20150617A.html), libcurl can wrongly send HTTP credentials when re-using connections (CVE-2015-3236). Also discussed upstream (curl.haxx.se/docs/adv_20150617B.html), libcurl can get tricked by a malicious SMB server to send off data it did not ...
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors ...