CVE-2015-3148

CVSS 5.0 - MEDIUM
Description

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Affected Products
Vendor Product Version
fedoraproject fedora 21
fedoraproject fedora 22
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
canonical ubuntu_linux 15.04
debian debian_linux 7.0
apple mac_os_x 10.10.0
apple mac_os_x 10.10.1
apple mac_os_x 10.10.2
apple mac_os_x 10.10.3
apple mac_os_x 10.10.4
haxx libcurl 7.10.6
haxx libcurl 7.10.7
haxx libcurl 7.10.8
haxx libcurl 7.11.0
haxx libcurl 7.11.1
haxx libcurl 7.11.2
haxx libcurl 7.12.0
haxx libcurl 7.12.1
haxx libcurl 7.12.2
haxx libcurl 7.12.3
haxx libcurl 7.13.0
haxx libcurl 7.13.1
haxx libcurl 7.13.2
haxx libcurl 7.14.0
haxx libcurl 7.14.1
haxx libcurl 7.15.0
haxx libcurl 7.15.1
haxx libcurl 7.15.2
haxx libcurl 7.15.3
haxx libcurl 7.15.4
haxx libcurl 7.15.5
haxx libcurl 7.16.0
haxx libcurl 7.16.1
haxx libcurl 7.16.2
haxx libcurl 7.16.3
haxx libcurl 7.16.4
haxx libcurl 7.17.0
haxx libcurl 7.17.1
haxx libcurl 7.18.0
haxx libcurl 7.18.1
haxx libcurl 7.18.2
haxx libcurl 7.19.0
haxx libcurl 7.19.1
haxx libcurl 7.19.2
haxx libcurl 7.19.3
haxx libcurl 7.19.4
haxx libcurl 7.19.5
haxx libcurl 7.19.6
Showing first 50 of 159 affected products.
Weakness Types
CWE-284
CVE Information
CVE ID: CVE-2015-3148
Published: 2015-04-24
Modified: 2026-05-06
CVSS Score: 5.0
Severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Vendors
haxx apple canonical hp fedoraproject debian opensuse
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL