CVE-2016-0755
29.01.2016, 20:59
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.Enginsight
Vendor | Product | Version |
---|---|---|
haxx | curl | 𝑥 ≤ 7.46.0 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 15.04 |
canonical | ubuntu_linux | 15.10 |
debian | debian_linux | 7.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Common Weakness Enumeration