CVE-2014-0015
curl - information disclosure
EPSS 1.3%
Description
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
How to fix CVE-2014-0015
To remediate CVE-2014-0015, upgrade the affected package to one of the fixed versions listed below.
- Debian/curl—upgrade to 7.35.0-1 or later
- Debian/curl—upgrade to 7.21.0-2.1+squeeze7 or later
Is CVE-2014-0015 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/curl: from 0, < 7.35.0-1
- Debian/curl: from 0, < 7.21.0-2.1+squeeze7