curl: Two vulnerabilities fixed in Version 7.46.0

IDs: 
CVE-2016-0755, CVE-2016-0754
Keywords: 
curl, NTLM
Description: 

The curl project released version 7.46.0, which fixes two vulnerabilities.

Airlock WAF is not affected.

Details:

CVE-2016-0754: A path traversal vulnerability in remote file name handling, because curl does not sanitize colons in a remote file name. Airlock WAF is not affected because this vulnerability only affects the command line tool on Windows.

CVE-2016-0755: libcurl will reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. Airlock WAF is not affected because for NTLM back-end authentication Airlock WAF forces a new connection with every request (no TCP keep-alive).
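
The reuse decision behind CVE-2016-0755, as an added example that is not libcurl's or Airlock's code: a simplified connection-pool check in C that contrasts matching on the proxy endpoint only with also matching the credentials bound to an NTLM-authenticated connection. The struct names, function names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified pooled proxy connection (not libcurl's own struct). */
struct conn {
    const char *host; int port;   /* proxy endpoint */
    bool ntlm_authed;             /* NTLM handshake completed on this socket */
    const char *user, *pass;      /* credentials that handshake used */
};

/* Proxy settings of the transfer that is about to start (hypothetical). */
struct transfer { const char *host; int port; const char *user, *pass; };

static bool same_str(const char *a, const char *b)
{
    if (!a || !b)
        return a == b;            /* equal only when both are absent */
    return strcmp(a, b) == 0;
}

/* Weak check: matches on the proxy endpoint only, so a connection that was
 * NTLM-authenticated as one user can be handed to a transfer set for another. */
bool can_reuse_endpoint_only(const struct conn *c, const struct transfer *t)
{
    return same_str(c->host, t->host) && c->port == t->port;
}

/* Corrected check: NTLM authenticates the connection, not each request,
 * so the credentials bound to the socket must equal the transfer's. */
bool can_reuse_checked(const struct conn *c, const struct transfer *t)
{
    if (!can_reuse_endpoint_only(c, t))
        return false;
    if (!c->ntlm_authed)
        return true;              /* no identity is bound to this socket */
    return same_str(c->user, t->user) && same_str(c->pass, t->pass);
}

int main(void)
{
    /* Constructed sample: socket authenticated as alice, transfer set for bob. */
    struct conn c = { "proxy.example", 3128, true, "alice", "pw-a" };
    struct transfer t = { "proxy.example", 3128, "bob", "pw-b" };
    printf("endpoint-only: %d, checked: %d\n",
           can_reuse_endpoint_only(&c, &t), can_reuse_checked(&c, &t));
    return 0;
}
```

Forcing a new connection for every NTLM request, as described above for Airlock WAF, removes the reuse decision entirely.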

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required