6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.008 Low
EPSS
Percentile
81.1%
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses
(1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8)
SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow
context-dependent attackers to connect as other users via a request, a
similar issue to CVE-2014-0015.