CVE-2016-0755

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2016-0755
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.ubuntu.com/usn/USN-2882-1
http://www.debian.org/security/2016/dsa-3455
http://curl.haxx.se/docs/adv_20160127A.html Vendor Advisory
https://support.apple.com/HT207170
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://www.securityfocus.com/bid/82307
http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965
http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html
http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html
http://www.securitytracker.com/id/1034882
https://security.gentoo.org/glsa/201701-47
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Information

Published : 2016-01-29 12:59

Updated : 2018-10-16 18:29

NVD link : CVE-2016-0755

Mitre link : CVE-2016-0755

JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa
Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

haxx

  • curl