CVE-2016-0755

HIGH

libcurl <7.47.0 - Open Redirect

Description

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

Scores

CVSS v3 7.3
EPSS 0.0041
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE CWE-287
Status draft

Affected Products (6)

haxx/curl < 7.46.0
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux

Timeline

Published Jan 29, 2016
Tracked Since Feb 18, 2026