The ConnectionExists function in lib/url.c in libcurl prior to 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote malicious users to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
haxx curl |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
debian debian linux 7.0 |