mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
974 B
974 B
CVE-2014-0015
Description
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
POC
Reference
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Github
No PoCs found on GitHub currently.