CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
haxxcurl
7.10.6
haxxcurl
7.10.7
haxxcurl
7.10.8
haxxcurl
7.11.0
haxxcurl
7.11.1
haxxcurl
7.11.2
haxxcurl
7.12.0
haxxcurl
7.12.1
haxxcurl
7.12.2
haxxcurl
7.12.3
haxxcurl
7.13.0
haxxcurl
7.13.1
haxxcurl
7.13.2
haxxcurl
7.14.0
haxxcurl
7.14.1
haxxcurl
7.15.0
haxxcurl
7.15.1
haxxcurl
7.15.2
haxxcurl
7.15.3
haxxcurl
7.15.4
haxxcurl
7.15.5
haxxcurl
7.16.0
haxxcurl
7.16.1
haxxcurl
7.16.2
haxxcurl
7.16.3
haxxcurl
7.16.4
haxxcurl
7.17.0
haxxcurl
7.17.1
haxxcurl
7.18.0
haxxcurl
7.18.1
haxxcurl
7.18.2
haxxcurl
7.19.0
haxxcurl
7.19.1
haxxcurl
7.19.2
haxxcurl
7.19.3
haxxcurl
7.19.4
haxxcurl
7.19.5
haxxcurl
7.19.6
haxxcurl
7.19.7
haxxcurl
7.20.0
haxxcurl
7.20.1
haxxcurl
7.21.0
haxxcurl
7.21.1
haxxcurl
7.21.2
haxxcurl
7.21.3
haxxcurl
7.21.4
haxxcurl
7.21.5
haxxcurl
7.21.6
haxxcurl
7.21.7
haxxcurl
7.22.0
haxxcurl
7.23.0
haxxcurl
7.23.1
haxxcurl
7.24.0
haxxcurl
7.25.0
haxxcurl
7.26.0
haxxcurl
7.27.0
haxxcurl
7.28.0
haxxcurl
7.28.1
haxxcurl
7.29.0
haxxcurl
7.30.0
haxxcurl
7.31.0
haxxcurl
7.32.0
haxxcurl
7.33.0
haxxcurl
7.34.0
haxxcurl
7.35.0
haxxcurl
7.36.0
haxxcurl
7.37.1
haxxcurl
7.38.0
haxxcurl
7.39.0
haxxcurl
7.40.0
haxxcurl
7.41.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
debiandebian_linux
7.0
haxxlibcurl
7.10.6
haxxlibcurl
7.10.7
haxxlibcurl
7.10.8
haxxlibcurl
7.11.0
haxxlibcurl
7.11.1
haxxlibcurl
7.11.2
haxxlibcurl
7.12.0
haxxlibcurl
7.12.1
haxxlibcurl
7.12.2
haxxlibcurl
7.12.3
haxxlibcurl
7.13.0
haxxlibcurl
7.13.1
haxxlibcurl
7.13.2
haxxlibcurl
7.14.0
haxxlibcurl
7.14.1
haxxlibcurl
7.15.0
haxxlibcurl
7.15.1
haxxlibcurl
7.15.2
haxxlibcurl
7.15.3
haxxlibcurl
7.15.4
haxxlibcurl
7.15.5
haxxlibcurl
7.16.0
haxxlibcurl
7.16.1
haxxlibcurl
7.16.2
haxxlibcurl
7.16.3
haxxlibcurl
7.16.4
haxxlibcurl
7.17.0
haxxlibcurl
7.17.1
haxxlibcurl
7.18.0
haxxlibcurl
7.18.1
haxxlibcurl
7.18.2
haxxlibcurl
7.19.0
haxxlibcurl
7.19.1
haxxlibcurl
7.19.2
haxxlibcurl
7.19.3
haxxlibcurl
7.19.4
haxxlibcurl
7.19.5
haxxlibcurl
7.19.6
haxxlibcurl
7.19.7
haxxlibcurl
7.20.0
haxxlibcurl
7.20.1
haxxlibcurl
7.21.0
haxxlibcurl
7.21.1
haxxlibcurl
7.21.2
haxxlibcurl
7.21.3
haxxlibcurl
7.21.4
haxxlibcurl
7.21.5
haxxlibcurl
7.21.6
haxxlibcurl
7.21.7
haxxlibcurl
7.22.0
haxxlibcurl
7.23.0
haxxlibcurl
7.23.1
haxxlibcurl
7.24.0
haxxlibcurl
7.25.0
haxxlibcurl
7.26.0
haxxlibcurl
7.27.0
haxxlibcurl
7.28.0
haxxlibcurl
7.28.1
haxxlibcurl
7.29.0
haxxlibcurl
7.30.0
haxxlibcurl
7.31.0
haxxlibcurl
7.32.0
haxxlibcurl
7.33.0
haxxlibcurl
7.34.0
haxxlibcurl
7.35.0
haxxlibcurl
7.36.0
haxxlibcurl
7.37.0
haxxlibcurl
7.37.1
haxxlibcurl
7.38.0
haxxlibcurl
7.39
haxxlibcurl
7.40.0
haxxlibcurl
7.41.0
hpsystem_management_homepage
𝑥
≤ 7.5.3.1
applemac_os_x
𝑥
≤ 10.9.5
applemac_os_x
10.10.0
applemac_os_x
10.10.1
applemac_os_x
10.10.2
applemac_os_x
10.10.3
applemac_os_x
10.10.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
curl
bullseye
7.74.0-1.3+deb11u13
fixed
bullseye (security)
7.74.0-1.3+deb11u11
fixed
bookworm
7.88.1-10+deb12u7
fixed
bookworm (security)
7.88.1-10+deb12u5
fixed
sid
8.10.1-2
fixed
trixie
8.10.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
curl
vivid
Fixed 7.38.0-3ubuntu2.2
released
utopic
Fixed 7.37.1-1ubuntu3.4
released
trusty
Fixed 7.35.0-1ubuntu2.5
released
precise
Fixed 7.22.0-3ubuntu4.14
released
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0179.html
http://curl.haxx.se/docs/adv_20150422A.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html
http://marc.info/?l=bugtraq&m=145612005512270&w=2
http://rhn.redhat.com/errata/RHSA-2015-1254.html
http://www.debian.org/security/2015/dsa-3232
http://www.mandriva.com/security/advisories?name=MDVSA-2015:219
http://www.mandriva.com/security/advisories?name=MDVSA-2015:220
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74299
http://www.securitytracker.com/id/1032232
http://www.ubuntu.com/usn/USN-2591-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://security.gentoo.org/glsa/201509-02
https://support.apple.com/kb/HT205031
http://advisories.mageia.org/MGASA-2015-0179.html
http://curl.haxx.se/docs/adv_20150422A.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html
http://marc.info/?l=bugtraq&m=145612005512270&w=2
http://rhn.redhat.com/errata/RHSA-2015-1254.html
http://www.debian.org/security/2015/dsa-3232
http://www.mandriva.com/security/advisories?name=MDVSA-2015:219
http://www.mandriva.com/security/advisories?name=MDVSA-2015:220
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74299
http://www.securitytracker.com/id/1032232
http://www.ubuntu.com/usn/USN-2591-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://security.gentoo.org/glsa/201509-02
https://support.apple.com/kb/HT205031