CVE-2016-0755Improper Authentication in Curl

CWE-287Improper Authentication13 documents9 sources
Severity
7.3HIGHNVD
CNA4.0OSV4.0
EPSS
0.4%
top 38.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Haxx CurlCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJan 29
Latest updateMay 14

Description

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

Debianhaxx/curl< 7.47.0-1+3
NVDhaxx/curl7.46.0

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

3
GHSA
GHSA-ff7q-9j5g-56pg: The ConnectionExists function in lib/url2022-05-14
OSV
CVE-2016-0755: The ConnectionExists function in lib/url2016-01-29
CVEList
CVE-2016-0755: The ConnectionExists function in lib/url2016-01-29

📋Vendor Advisories

4
Apple
CVE-2016-0755: macOS Sierra 10.122016-09-20
Red Hat
curl: NTLM credentials not-checked for proxy connection re-use2016-01-27
Ubuntu
curl vulnerability2016-01-27
Debian
CVE-2016-0755: curl - The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not pro...2016

💬Community

5
Bugzilla
CVE-2016-7404 openstack-magnum: Magnum created instances have full API access to creating user's OpenStack account2017-05-12
Bugzilla
CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use2016-01-27
Bugzilla
CVE-2016-0755 mingw-curl: curl: NTLM credentials not-checked for proxy connection re-use [fedora-all]2016-01-27
Bugzilla
CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use [fedora-all]2016-01-27
Bugzilla
CVE-2016-0755 mingw-curl: curl: NTLM credentials not-checked for proxy connection re-use [epel-7]2016-01-27
CVE-2016-0755 — Improper Authentication in Haxx Curl | cvebase