Lucene search
Arch LinuxASA-201602-4HistoryFeb 02, 2016 - 12:00 a.m.
lib32-curl: authentication bypass
2016-02-0200:00:00
Arch Linux
lists.archlinux.org
23
0.017 Low
EPSS
Percentile
87.8%
A vulnerability was found in a way libcurl uses NTLM-authenticated proxy
connections. Libcurl will reuse NTLM-authenticated proxy connections
without properly making sure that the connection was authenticated with
the same credentials as set for this transfer.
Since NTLM-based authentication is connection oriented instead of
request oriented as other HTTP based authentication, it is important
that only connections that have been authenticated with the correct
username + password are reused. This was done properly for server
connections already, but libcurl failed to do it properly for proxy
connections using NTLM, which might allow remote attackers to
authenticate as other users via a request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| any | any | any | lib32-curl | < 7.47.0-1 | UNKNOWN |
Related
archlinux
archlinux
curl: authentication bypass
2016-02-02 00:00:00
nessus
nessus
openSUSE Security Update : curl (openSUSE-2016-153)
2016-02-08 00:00:00
Fedora 22 : mingw-curl-7.47.0-1.fc22 (2016-5a141de5d9)
2016-03-04 00:00:00
SUSE SLED11 / SLES11 Security Update : curl (SUSE-SU-2016:0347-1)
2016-02-08 00:00:00
openvas
openvas
Fedora Update for mingw-curl FEDORA-2016-55137
2016-02-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0347-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0340-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: curl-7.43.0-5.fc23
2016-01-30 18:26:53
[SECURITY] Fedora 23 Update: mingw-curl-7.47.0-1.fc23
2016-02-17 04:02:22
[SECURITY] Fedora 22 Update: curl-7.40.0-8.fc22
2016-02-02 00:55:34
mageia
mageia
Updated curl packages fix security vulnerability
2016-02-05 20:26:09
ibm
ibm
veracode
veracode
Authentication Bypass
2021-07-05 07:20:24
openwrt
openwrt
curl: Security update (CVE-2016-0755)
2016-03-02 11:23:11
wolfssl: Security update (2 CVEs)
2016-03-02 11:23:10
freebsd
freebsd
curl -- Credentials not checked
2016-01-27 00:00:00
slackware
slackware
[slackware-security] curl
2016-02-08 23:36:17
ubuntu
ubuntu
curl vulnerability
2016-01-27 00:00:00
debian
debian
[SECURITY] [DSA 3455-1] curl security update
2016-01-27 12:16:15
amazon
amazon
Low: curl
2016-02-09 13:30:00
debiancve
debiancve
CVE-2016-0755
2016-01-29 20:59:05
nvd
nvd
CVE-2016-0755
2016-01-29 20:59:05
cve
cve
CVE-2016-0755
2016-01-29 20:59:05
ubuntucve
ubuntucve
CVE-2016-0755
2016-01-27 00:00:00
prion
prion
Design/Logic Flaw
2016-01-29 20:59:00
cvelist
cvelist
CVE-2016-0755
2016-01-29 20:00:00
suse
suse
Security update for sles11sp4-docker-image (important)
2016-03-15 21:11:47
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0420
2023-07-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
apple
apple
About the security content of macOS Sierra 10.12 - Apple Support
2017-01-23 05:36:06
About the security content of macOS Sierra 10.12
2016-09-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00