CVE-2014-0015

cURL/libcurl <7.35 - Auth Bypass

Title source: llm

Description

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

References (25)

... and 5 more

Scores

EPSS 0.0188
EPSS Percentile 83.0%

Classification

CWE
CWE-287
Status draft

Affected Products (50)

haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
haxx/libcurl
... and 35 more

Timeline

Published Feb 02, 2014
Tracked Since Feb 18, 2026