CVE Vulnerabilities

CVE-2014-0138

Improper Authentication

Published: Apr 15, 2014 | Modified: Oct 09, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Curl Haxx 7.10.6 (including) 7.10.6 (including)
Curl Haxx 7.10.7 (including) 7.10.7 (including)
Curl Haxx 7.10.8 (including) 7.10.8 (including)
Curl Haxx 7.11.0 (including) 7.11.0 (including)
Curl Haxx 7.11.1 (including) 7.11.1 (including)
Curl Haxx 7.11.2 (including) 7.11.2 (including)
Curl Haxx 7.12.0 (including) 7.12.0 (including)
Curl Haxx 7.12.1 (including) 7.12.1 (including)
Curl Haxx 7.12.2 (including) 7.12.2 (including)
Curl Haxx 7.12.3 (including) 7.12.3 (including)
Curl Haxx 7.13.0 (including) 7.13.0 (including)
Curl Haxx 7.13.1 (including) 7.13.1 (including)
Curl Haxx 7.13.2 (including) 7.13.2 (including)
Curl Haxx 7.14.0 (including) 7.14.0 (including)
Curl Haxx 7.14.1 (including) 7.14.1 (including)
Curl Haxx 7.15.0 (including) 7.15.0 (including)
Curl Haxx 7.15.1 (including) 7.15.1 (including)
Curl Haxx 7.15.2 (including) 7.15.2 (including)
Curl Haxx 7.15.3 (including) 7.15.3 (including)
Curl Haxx 7.15.4 (including) 7.15.4 (including)
Curl Haxx 7.15.5 (including) 7.15.5 (including)
Curl Haxx 7.16.0 (including) 7.16.0 (including)
Curl Haxx 7.16.1 (including) 7.16.1 (including)
Curl Haxx 7.16.2 (including) 7.16.2 (including)
Curl Haxx 7.16.3 (including) 7.16.3 (including)
Curl Haxx 7.16.4 (including) 7.16.4 (including)
Curl Haxx 7.17.0 (including) 7.17.0 (including)
Curl Haxx 7.17.1 (including) 7.17.1 (including)
Curl Haxx 7.18.0 (including) 7.18.0 (including)
Curl Haxx 7.18.1 (including) 7.18.1 (including)
Curl Haxx 7.18.2 (including) 7.18.2 (including)
Curl Haxx 7.19.0 (including) 7.19.0 (including)
Curl Haxx 7.19.1 (including) 7.19.1 (including)
Curl Haxx 7.19.2 (including) 7.19.2 (including)
Curl Haxx 7.19.3 (including) 7.19.3 (including)
Curl Haxx 7.19.4 (including) 7.19.4 (including)
Curl Haxx 7.19.5 (including) 7.19.5 (including)
Curl Haxx 7.19.6 (including) 7.19.6 (including)
Curl Haxx 7.19.7 (including) 7.19.7 (including)
Curl Haxx 7.20.0 (including) 7.20.0 (including)
Curl Haxx 7.20.1 (including) 7.20.1 (including)
Curl Haxx 7.21.0 (including) 7.21.0 (including)
Curl Haxx 7.21.1 (including) 7.21.1 (including)
Curl Haxx 7.21.2 (including) 7.21.2 (including)
Curl Haxx 7.21.3 (including) 7.21.3 (including)
Curl Haxx 7.21.4 (including) 7.21.4 (including)
Curl Haxx 7.21.5 (including) 7.21.5 (including)
Curl Haxx 7.21.6 (including) 7.21.6 (including)
Curl Haxx 7.21.7 (including) 7.21.7 (including)
Curl Haxx 7.22.0 (including) 7.22.0 (including)
Curl Haxx 7.23.0 (including) 7.23.0 (including)
Curl Haxx 7.23.1 (including) 7.23.1 (including)
Curl Haxx 7.24.0 (including) 7.24.0 (including)
Curl Haxx 7.25.0 (including) 7.25.0 (including)
Curl Haxx 7.26.0 (including) 7.26.0 (including)
Curl Haxx 7.27.0 (including) 7.27.0 (including)
Curl Haxx 7.28.0 (including) 7.28.0 (including)
Curl Haxx 7.28.1 (including) 7.28.1 (including)
Curl Haxx 7.29.0 (including) 7.29.0 (including)
Curl Haxx 7.30.0 (including) 7.30.0 (including)
Curl Haxx 7.31.0 (including) 7.31.0 (including)
Curl Haxx 7.32.0 (including) 7.32.0 (including)
Curl Haxx 7.33.0 (including) 7.33.0 (including)
Curl Haxx 7.34.0 (including) 7.34.0 (including)
Curl Haxx 7.35.0 (including) 7.35.0 (including)
Libcurl Haxx 7.10.6 (including) 7.10.6 (including)
Libcurl Haxx 7.10.7 (including) 7.10.7 (including)
Libcurl Haxx 7.10.8 (including) 7.10.8 (including)
Libcurl Haxx 7.11.0 (including) 7.11.0 (including)
Libcurl Haxx 7.11.1 (including) 7.11.1 (including)
Libcurl Haxx 7.11.2 (including) 7.11.2 (including)
Libcurl Haxx 7.12.0 (including) 7.12.0 (including)
Libcurl Haxx 7.12.1 (including) 7.12.1 (including)
Libcurl Haxx 7.12.2 (including) 7.12.2 (including)
Libcurl Haxx 7.12.3 (including) 7.12.3 (including)
Libcurl Haxx 7.13.0 (including) 7.13.0 (including)
Libcurl Haxx 7.13.1 (including) 7.13.1 (including)
Libcurl Haxx 7.13.2 (including) 7.13.2 (including)
Libcurl Haxx 7.14.0 (including) 7.14.0 (including)
Libcurl Haxx 7.14.1 (including) 7.14.1 (including)
Libcurl Haxx 7.15.0 (including) 7.15.0 (including)
Libcurl Haxx 7.15.1 (including) 7.15.1 (including)
Libcurl Haxx 7.15.2 (including) 7.15.2 (including)
Libcurl Haxx 7.15.3 (including) 7.15.3 (including)
Libcurl Haxx 7.15.4 (including) 7.15.4 (including)
Libcurl Haxx 7.15.5 (including) 7.15.5 (including)
Libcurl Haxx 7.16.0 (including) 7.16.0 (including)
Libcurl Haxx 7.16.1 (including) 7.16.1 (including)
Libcurl Haxx 7.16.2 (including) 7.16.2 (including)
Libcurl Haxx 7.16.3 (including) 7.16.3 (including)
Libcurl Haxx 7.16.4 (including) 7.16.4 (including)
Libcurl Haxx 7.17.0 (including) 7.17.0 (including)
Libcurl Haxx 7.17.1 (including) 7.17.1 (including)
Libcurl Haxx 7.18.0 (including) 7.18.0 (including)
Libcurl Haxx 7.18.1 (including) 7.18.1 (including)
Libcurl Haxx 7.18.2 (including) 7.18.2 (including)
Libcurl Haxx 7.19.0 (including) 7.19.0 (including)
Libcurl Haxx 7.19.1 (including) 7.19.1 (including)
Libcurl Haxx 7.19.2 (including) 7.19.2 (including)
Libcurl Haxx 7.19.3 (including) 7.19.3 (including)
Libcurl Haxx 7.19.4 (including) 7.19.4 (including)
Libcurl Haxx 7.19.5 (including) 7.19.5 (including)
Libcurl Haxx 7.19.6 (including) 7.19.6 (including)
Libcurl Haxx 7.19.7 (including) 7.19.7 (including)
Libcurl Haxx 7.20.0 (including) 7.20.0 (including)
Libcurl Haxx 7.20.1 (including) 7.20.1 (including)
Libcurl Haxx 7.21.0 (including) 7.21.0 (including)
Libcurl Haxx 7.21.1 (including) 7.21.1 (including)
Libcurl Haxx 7.21.2 (including) 7.21.2 (including)
Libcurl Haxx 7.21.3 (including) 7.21.3 (including)
Libcurl Haxx 7.21.4 (including) 7.21.4 (including)
Libcurl Haxx 7.21.5 (including) 7.21.5 (including)
Libcurl Haxx 7.21.6 (including) 7.21.6 (including)
Libcurl Haxx 7.21.7 (including) 7.21.7 (including)
Libcurl Haxx 7.22.0 (including) 7.22.0 (including)
Libcurl Haxx 7.23.0 (including) 7.23.0 (including)
Libcurl Haxx 7.23.1 (including) 7.23.1 (including)
Libcurl Haxx 7.24.0 (including) 7.24.0 (including)
Libcurl Haxx 7.25.0 (including) 7.25.0 (including)
Libcurl Haxx 7.26.0 (including) 7.26.0 (including)
Libcurl Haxx 7.27.0 (including) 7.27.0 (including)
Libcurl Haxx 7.28.0 (including) 7.28.0 (including)
Libcurl Haxx 7.28.1 (including) 7.28.1 (including)
Libcurl Haxx 7.29.0 (including) 7.29.0 (including)
Libcurl Haxx 7.30.0 (including) 7.30.0 (including)
Libcurl Haxx 7.31.0 (including) 7.31.0 (including)
Libcurl Haxx 7.32.0 (including) 7.32.0 (including)
Libcurl Haxx 7.33.0 (including) 7.33.0 (including)
Libcurl Haxx 7.34.0 (including) 7.34.0 (including)
Libcurl Haxx 7.35.0 (including) 7.35.0 (including)
Red Hat Enterprise Linux 6 RedHat curl-0:7.19.7-37.el6_5.3 *
Curl Ubuntu devel *
Curl Ubuntu lucid *
Curl Ubuntu precise *
Curl Ubuntu quantal *
Curl Ubuntu saucy *
Curl Ubuntu upstream *

Potential Mitigations

References