6.4

CVE-2014-0138

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version7.10.6
HaxxCurl Version7.10.7
HaxxCurl Version7.10.8
HaxxCurl Version7.11.0
HaxxCurl Version7.11.1
HaxxCurl Version7.11.2
HaxxCurl Version7.12.0
HaxxCurl Version7.12.1
HaxxCurl Version7.12.2
HaxxCurl Version7.12.3
HaxxCurl Version7.13.0
HaxxCurl Version7.13.1
HaxxCurl Version7.13.2
HaxxCurl Version7.14.0
HaxxCurl Version7.14.1
HaxxCurl Version7.15.0
HaxxCurl Version7.15.1
HaxxCurl Version7.15.2
HaxxCurl Version7.15.3
HaxxCurl Version7.15.4
HaxxCurl Version7.15.5
HaxxCurl Version7.16.0
HaxxCurl Version7.16.1
HaxxCurl Version7.16.2
HaxxCurl Version7.16.3
HaxxCurl Version7.16.4
HaxxCurl Version7.17.0
HaxxCurl Version7.17.1
HaxxCurl Version7.18.0
HaxxCurl Version7.18.1
HaxxCurl Version7.18.2
HaxxCurl Version7.19.0
HaxxCurl Version7.19.1
HaxxCurl Version7.19.2
HaxxCurl Version7.19.3
HaxxCurl Version7.19.4
HaxxCurl Version7.19.5
HaxxCurl Version7.19.6
HaxxCurl Version7.19.7
HaxxCurl Version7.20.0
HaxxCurl Version7.20.1
HaxxCurl Version7.21.0
HaxxCurl Version7.21.1
HaxxCurl Version7.21.2
HaxxCurl Version7.21.3
HaxxCurl Version7.21.4
HaxxCurl Version7.21.5
HaxxCurl Version7.21.6
HaxxCurl Version7.21.7
HaxxCurl Version7.22.0
HaxxCurl Version7.23.0
HaxxCurl Version7.23.1
HaxxCurl Version7.24.0
HaxxCurl Version7.25.0
HaxxCurl Version7.26.0
HaxxCurl Version7.27.0
HaxxCurl Version7.28.0
HaxxCurl Version7.28.1
HaxxCurl Version7.29.0
HaxxCurl Version7.30.0
HaxxCurl Version7.31.0
HaxxCurl Version7.32.0
HaxxCurl Version7.33.0
HaxxCurl Version7.34.0
HaxxCurl Version7.35.0
HaxxLibcurl Version7.10.6
HaxxLibcurl Version7.10.7
HaxxLibcurl Version7.10.8
HaxxLibcurl Version7.11.0
HaxxLibcurl Version7.11.1
HaxxLibcurl Version7.11.2
HaxxLibcurl Version7.12.0
HaxxLibcurl Version7.12.1
HaxxLibcurl Version7.12.2
HaxxLibcurl Version7.12.3
HaxxLibcurl Version7.13.0
HaxxLibcurl Version7.13.1
HaxxLibcurl Version7.13.2
HaxxLibcurl Version7.14.0
HaxxLibcurl Version7.14.1
HaxxLibcurl Version7.15.0
HaxxLibcurl Version7.15.1
HaxxLibcurl Version7.15.2
HaxxLibcurl Version7.15.3
HaxxLibcurl Version7.15.4
HaxxLibcurl Version7.15.5
HaxxLibcurl Version7.16.0
HaxxLibcurl Version7.16.1
HaxxLibcurl Version7.16.2
HaxxLibcurl Version7.16.3
HaxxLibcurl Version7.16.4
HaxxLibcurl Version7.17.0
HaxxLibcurl Version7.17.1
HaxxLibcurl Version7.18.0
HaxxLibcurl Version7.18.1
HaxxLibcurl Version7.18.2
HaxxLibcurl Version7.19.0
HaxxLibcurl Version7.19.1
HaxxLibcurl Version7.19.2
HaxxLibcurl Version7.19.3
HaxxLibcurl Version7.19.4
HaxxLibcurl Version7.19.5
HaxxLibcurl Version7.19.6
HaxxLibcurl Version7.19.7
HaxxLibcurl Version7.20.0
HaxxLibcurl Version7.20.1
HaxxLibcurl Version7.21.0
HaxxLibcurl Version7.21.1
HaxxLibcurl Version7.21.2
HaxxLibcurl Version7.21.3
HaxxLibcurl Version7.21.4
HaxxLibcurl Version7.21.5
HaxxLibcurl Version7.21.6
HaxxLibcurl Version7.21.7
HaxxLibcurl Version7.22.0
HaxxLibcurl Version7.23.0
HaxxLibcurl Version7.23.1
HaxxLibcurl Version7.24.0
HaxxLibcurl Version7.25.0
HaxxLibcurl Version7.26.0
HaxxLibcurl Version7.27.0
HaxxLibcurl Version7.28.0
HaxxLibcurl Version7.28.1
HaxxLibcurl Version7.29.0
HaxxLibcurl Version7.30.0
HaxxLibcurl Version7.31.0
HaxxLibcurl Version7.32.0
HaxxLibcurl Version7.33.0
HaxxLibcurl Version7.34.0
HaxxLibcurl Version7.35.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.08% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://secunia.com/advisories/57836
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://secunia.com/advisories/59458
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://curl.haxx.se/docs/adv_20140326A.html
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://secunia.com/advisories/58615
http://www-01.ibm.com/support/docview.wss?uid=swg21675820
http://www.debian.org/security/2014/dsa-2902
http://www.ubuntu.com/usn/USN-2167-1