CVE-2014-0138

cURL/libcurl <7.36.0 - Open Redirect

Title source: llm
STIX 2.1

Description

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

References (18)

Core 18
Core References
Vendor Advisory x_refsource_confirm
http://curl.haxx.se/docs/adv_20140326A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57836
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2902
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59458
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58615
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/23
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57968
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675820
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2167-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57966

Scores

EPSS 0.0094
EPSS Percentile 76.5%

Details

CWE
CWE-287
Status published
Products (50)
debian/debian_linux 7.0
haxx/curl 7.10.6
haxx/curl 7.10.7
haxx/curl 7.10.8
haxx/curl 7.11.0
haxx/curl 7.11.1
haxx/curl 7.11.2
haxx/curl 7.12.0
haxx/curl 7.12.1
haxx/curl 7.12.2
... and 40 more
Published Apr 15, 2014
Tracked Since Feb 18, 2026