7.3

CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version <= 7.46.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.33% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 3.9 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://security.gentoo.org/glsa/201701-47
http://curl.haxx.se/docs/adv_20160127A.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html
http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html
http://www.debian.org/security/2016/dsa-3455
http://www.securityfocus.com/bid/82307
http://www.securitytracker.com/id/1034882
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965
http://www.ubuntu.com/usn/USN-2882-1
https://support.apple.com/HT207170