Your submission was sent successfully! Close

CVE-2015-3143

Published: 22 April 2015

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

Priority

Medium

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (7.22.0-3ubuntu4.14)
trusty
Released (7.35.0-1ubuntu2.5)
upstream
Released (7.42.0)
utopic
Released (7.37.1-1ubuntu3.4)
vivid
Released (7.38.0-3ubuntu2.2)
Patches:
upstream: http://curl.haxx.se/CVE-2015-3143.patch