libcurl re-use of wrong NTLM connection

Submitted on 3. February 2014 - 11:07 by rischi.
Last update on 3. February 2014 - 13:04.

IDs:

CVE-2014-0015

Keywords:

libcurl, NTLM

Description:

libcurl (7.10.6 - 7.34.0) may re-use wrong connections from the connection pool if NTLM authentication is used in combination with another authentication scheme.

Airlock is not affected because the NTLM implementation in libcurl is not used.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

No action required

Reference:

Project cURL Security Advisory, January 29th 2014

Main menu

Navigation

User menu

You are here

libcurl re-use of wrong NTLM connection

Main menu

Search form

Navigation

User menu

You are here

libcurl re-use of wrong NTLM connection