Kaspersky ID:
KLA10566
Detect Date:
04/24/2015
Updated:
06/03/2020

Description

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service or conduct other unknown impact.

Below is a complete list of vulnerabilities

  1. Improper re-use of authenticated Negotiate and NTLM connections can be exploited remotely via a specially designed request;
  2. An improper index calculation can be exploited remotely via a specially designed cookie or host name.

Original advisories

Related products

CVE list

  • CVE-2015-3148
    critical
  • CVE-2015-3145
    critical
  • CVE-2015-3143
    critical
  • CVE-2015-3144
    critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky IT Security Calculator
Calculate
Check now
Learn more about cybersecurity on Kaspersky Encyclopedia
For free
Learn more
Confirm changes?
Your message has been sent successfully.