The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-3455-1 | curl security update |
![]() |
EUVD-2016-0775 | The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. |
![]() |
USN-2882-1 | curl vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-05T22:30:04.298Z
Reserved: 2015-12-16T00:00:00
Link: CVE-2016-0755

No data.

Status : Deferred
Published: 2016-01-29T20:59:05.653
Modified: 2025-04-12T10:46:40.837
Link: CVE-2016-0755


No data.