CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Libcurl	Haxx	7.10.6 (including)	7.10.6 (including)
Libcurl	Haxx	7.10.7 (including)	7.10.7 (including)
Libcurl	Haxx	7.10.8 (including)	7.10.8 (including)
Libcurl	Haxx	7.11.0 (including)	7.11.0 (including)
Libcurl	Haxx	7.11.1 (including)	7.11.1 (including)
Libcurl	Haxx	7.11.2 (including)	7.11.2 (including)
Libcurl	Haxx	7.12.0 (including)	7.12.0 (including)
Libcurl	Haxx	7.12.1 (including)	7.12.1 (including)
Libcurl	Haxx	7.12.2 (including)	7.12.2 (including)
Libcurl	Haxx	7.12.3 (including)	7.12.3 (including)
Libcurl	Haxx	7.13.0 (including)	7.13.0 (including)
Libcurl	Haxx	7.13.1 (including)	7.13.1 (including)
Libcurl	Haxx	7.13.2 (including)	7.13.2 (including)
Libcurl	Haxx	7.14.0 (including)	7.14.0 (including)
Libcurl	Haxx	7.14.1 (including)	7.14.1 (including)
Libcurl	Haxx	7.15.0 (including)	7.15.0 (including)
Libcurl	Haxx	7.15.1 (including)	7.15.1 (including)
Libcurl	Haxx	7.15.2 (including)	7.15.2 (including)
Libcurl	Haxx	7.15.3 (including)	7.15.3 (including)
Libcurl	Haxx	7.15.4 (including)	7.15.4 (including)
Libcurl	Haxx	7.15.5 (including)	7.15.5 (including)
Libcurl	Haxx	7.16.0 (including)	7.16.0 (including)
Libcurl	Haxx	7.16.1 (including)	7.16.1 (including)
Libcurl	Haxx	7.16.2 (including)	7.16.2 (including)
Libcurl	Haxx	7.16.3 (including)	7.16.3 (including)
Libcurl	Haxx	7.16.4 (including)	7.16.4 (including)
Libcurl	Haxx	7.17.0 (including)	7.17.0 (including)
Libcurl	Haxx	7.17.1 (including)	7.17.1 (including)
Libcurl	Haxx	7.18.0 (including)	7.18.0 (including)
Libcurl	Haxx	7.18.1 (including)	7.18.1 (including)
Libcurl	Haxx	7.18.2 (including)	7.18.2 (including)
Libcurl	Haxx	7.19.0 (including)	7.19.0 (including)
Libcurl	Haxx	7.19.1 (including)	7.19.1 (including)
Libcurl	Haxx	7.19.2 (including)	7.19.2 (including)
Libcurl	Haxx	7.19.3 (including)	7.19.3 (including)
Libcurl	Haxx	7.19.4 (including)	7.19.4 (including)
Libcurl	Haxx	7.19.5 (including)	7.19.5 (including)
Libcurl	Haxx	7.19.6 (including)	7.19.6 (including)
Libcurl	Haxx	7.19.7 (including)	7.19.7 (including)
Libcurl	Haxx	7.20.0 (including)	7.20.0 (including)
Libcurl	Haxx	7.20.1 (including)	7.20.1 (including)
Libcurl	Haxx	7.21.0 (including)	7.21.0 (including)
Libcurl	Haxx	7.21.1 (including)	7.21.1 (including)
Libcurl	Haxx	7.21.2 (including)	7.21.2 (including)
Libcurl	Haxx	7.21.3 (including)	7.21.3 (including)
Libcurl	Haxx	7.21.4 (including)	7.21.4 (including)
Libcurl	Haxx	7.21.5 (including)	7.21.5 (including)
Libcurl	Haxx	7.21.6 (including)	7.21.6 (including)
Libcurl	Haxx	7.21.7 (including)	7.21.7 (including)
Libcurl	Haxx	7.22.0 (including)	7.22.0 (including)
Libcurl	Haxx	7.23.0 (including)	7.23.0 (including)
Libcurl	Haxx	7.23.1 (including)	7.23.1 (including)
Libcurl	Haxx	7.24.0 (including)	7.24.0 (including)
Libcurl	Haxx	7.25.0 (including)	7.25.0 (including)
Libcurl	Haxx	7.26.0 (including)	7.26.0 (including)
Libcurl	Haxx	7.27.0 (including)	7.27.0 (including)
Libcurl	Haxx	7.28.0 (including)	7.28.0 (including)
Libcurl	Haxx	7.28.1 (including)	7.28.1 (including)
Libcurl	Haxx	7.29.0 (including)	7.29.0 (including)
Libcurl	Haxx	7.30.0 (including)	7.30.0 (including)
Libcurl	Haxx	7.31.0 (including)	7.31.0 (including)
Libcurl	Haxx	7.32.0 (including)	7.32.0 (including)
Libcurl	Haxx	7.33.0 (including)	7.33.0 (including)
Libcurl	Haxx	7.34.0 (including)	7.34.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0015
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2014-0015

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References