CVE-2015-3143
medium
HPE CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Score
3.5%
Exploitation probability in 30 days
Top 12% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
CWE
CWE-264Affected Products
haxx curlcanonical ubuntu linuxdebian debian linuxhaxx libcurlhp system management homepageapple mac os x