CVE-2014-0015 (retired)

Priority
Description
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication
method is enabled, re-uses NTLM connections, which might allow
context-dependent attackers to authenticate as other users via a request.
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.35.0-1)
Ubuntu 14.04 LTS (Trusty Tahr):released (7.35.0-1ubuntu1)
Patches:
Upstream:https://github.com/bagder/curl/commit/8ae35102c43d8d (7.28+)
Upstream:curl.haxx.se/CVE-2014-0015-7-27.patch (7.27-)
More Information

Updated: 2019-03-26 12:11:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)