mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-13 19:06:06 +00:00
890 B
890 B
CVE-2016-0755
Description
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
POC
Reference
- http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html