Showing 1 - 4 of 4

CVE-2016-0755

Status Candidate

Overview

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

Related Files

Gentoo Linux Security Advisory 201701-47: Posted Jan 20, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201701-47 - Multiple vulnerabilities have been found in cURL, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 7.52.1 are affected.; tags | advisory, remote, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2014-8150, CVE-2014-8151, CVE-2016-0755, CVE-2016-3739, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2016-9594; MD5 | e9977d9e331b08e39be999454888496b; Download | Favorite | View

Slackware Security Advisory - curl Updates: Posted Feb 10, 2016; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.; tags | advisory; systems | linux, slackware; advisories | CVE-2016-0755; MD5 | 58f1e066069847a09cf398e10ccd8a0e; Download | Favorite | View

Ubuntu Security Notice USN-2882-1: Posted Jan 28, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2882-1 - Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2016-0755; MD5 | ed1dd1d742c79959c7c834167708bf80; Download | Favorite | View

Debian Security Advisory 3455-1: Posted Jan 27, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3455-1 - Isaac Boukris discovered that cURL, an URL transfer library, reused NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for the new transfer. This could lead to HTTP requests being sent over the connection authenticated as a different user.; tags | advisory, web; systems | linux, debian; advisories | CVE-2016-0755; MD5 | 3d34f6395667bc1ff99c8cf65d40d475; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 58 files
malvuln 45 files
Ubuntu 39 files
Gentoo 26 files
LiquidWorm 10 files
Mesut Cetin 6 files
SunCSR 5 files
Kshitiz Raj 5 files
1F98D 5 files
Jeremy Brown 5 files

File Archives

Systems

AIX (421)
Apple (1,760)
BSD (368)
Cisco (1,902)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,011)
HPUX (873)
iOS (280)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,239)
Mac OS X (672)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,569)
Slackware (941)
Solaris (1,597)
SUSE (1,444)
Ubuntu (7,072)
UNIX (8,824)
UnixWare (180)
Windows (5,738)
Other

CVE-2016-0755

Overview

Related Files

File Archive:

January 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems