4
CVE-2014-0015
- EPSS 1.98%
- Veröffentlicht 02.02.2014 00:55:05
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LogincURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.98% | 0.83 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 4.9 | 4.9 |
AV:N/AC:H/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.