KLA10566
Multiple vulnerabilities in cURL
Updated: 06/01/2019
Detect date: 04/24/2015
Severity: Critical
Description

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, or have other unspecified impact.

Below is a complete list of vulnerabilities:

  1. Improper re-use of authenticated Negotiate and NTLM connections can be exploited remotely via a specially crafted request;
  2. An improper index calculation can be exploited remotely via a specially crafted cookie or host name.
Affected products

cURL and libcurl versions from 7.10.6 through 7.41.0

Solution

Update to the latest version
Get cURL

Original advisories

cURL advisory
cURL advisory
cURL advisory
cURL advisory

Impacts

DoS
SB

CVE-IDS

CVE-2015-3148  5.0  Critical
CVE-2015-3145  7.5  Critical
CVE-2015-3143  5.0  Critical
CVE-2015-3144  9.0  Critical