Haxx : Security Vulnerabilities, CVEs, Published In 2014 (Bypass)
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Max CVSS
6.4
EPSS Score
0.62%
Published
2014-04-15
Updated
2018-10-09
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
Max CVSS
4.0
EPSS Score
0.75%
Published
2014-02-02
Updated
2018-10-09
2 vulnerabilities found