The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-01-29T20:00:00
Updated: 2024-08-05T22:30:04.298Z
Reserved: 2015-12-16T00:00:00
Link: CVE-2016-0755
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-01-29T20:59:05.653
Modified: 2024-11-21T02:42:18.890
Link: CVE-2016-0755
Redhat