[v2.4] curl: can allow unauthorized disclosure and modification (CVE-2014-0015)
curl and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
(from redmine: issue id 2672, created on 2014-02-04, closed on 2014-02-07)
- parent #2671 (closed)
- Revision 1e27a084 by Natanael Copa on 2014-02-04T16:47:07Z:
main/curl: fix CVE-2014-0015 fixes #2672