Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-0138 (GCVE-0-2014-0138)
Vulnerability from cvelistv5 – Published: 2014-04-15 14:00 – Updated: 2024-08-06 09:05
VLAI?
EPSS
Summary
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "57836",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57836"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "DSA-2902",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name": "59458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59458"
},
{
"name": "openSUSE-SU-2014:0530",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"name": "58615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58615"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "57968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57968"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"name": "USN-2167-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "57966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "57836",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57836"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "DSA-2902",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name": "59458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59458"
},
{
"name": "openSUSE-SU-2014:0530",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"name": "58615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58615"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "57968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57968"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"name": "USN-2167-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "57966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://curl.haxx.se/docs/adv_20140326A.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "57836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57836"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "DSA-2902",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name": "59458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59458"
},
{
"name": "openSUSE-SU-2014:0530",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"name": "58615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58615"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "57968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57968"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"name": "USN-2167-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "57966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0138",
"datePublished": "2014-04-15T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2014-AVI-507
Vulnerability from certfr_avis - Published: 2014-12-08 - Updated: 2014-12-08
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | vCenter Server | VMware vCenter Server 5.1 avant la mise à jour numéro 3 | ||
| VMware | vCenter Server | VMware vCenter Server 5.0 avant la mise à jour numéro 3c | ||
| VMware | vCenter Server | VMware vCenter Server 5.5 avant la mise à jour numéro 2 | ||
| VMware | vCenter Server | VMware vCenter Server Appliance 5.1 avant la mise à jour numéro 3 | ||
| VMware | ESXi | VMware ESXi 5.1 sans le patch ESXi510-201412101-SG |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware vCenter Server 5.1 avant la mise \u00e0 jour num\u00e9ro 3",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server 5.0 avant la mise \u00e0 jour num\u00e9ro 3c",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server 5.5 avant la mise \u00e0 jour num\u00e9ro 2",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server Appliance 5.1 avant la mise \u00e0 jour num\u00e9ro 3",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi 5.1 sans le patch ESXi510-201412101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4238",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4238"
},
{
"name": "CVE-2014-0191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0191"
},
{
"name": "CVE-2014-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2877"
},
{
"name": "CVE-2014-3797",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3797"
},
{
"name": "CVE-2014-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0138"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2014-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1752"
},
{
"name": "CVE-2014-8371",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8371"
}
],
"initial_release_date": "2014-12-08T00:00:00",
"last_revision_date": "2014-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-507",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection\nde code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware du 04 d\u00e9cembre 2014",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
]
}
CERTFR-2018-AVI-339
Vulnerability from certfr_avis - Published: 2018-07-12 - Updated: 2018-07-12
De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Service Orchestration (CSO) versions antérieures à 4.0.0 et 3.3.0 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 18.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 4.0.0 et 3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 18.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7407"
},
{
"name": "CVE-2018-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0027"
},
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2015-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
},
{
"name": "CVE-2018-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0024"
},
{
"name": "CVE-2017-1000257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000257"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2013-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
},
{
"name": "CVE-2018-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2603"
},
{
"name": "CVE-2017-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8818"
},
{
"name": "CVE-2018-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0031"
},
{
"name": "CVE-2018-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0035"
},
{
"name": "CVE-2018-1000115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
},
{
"name": "CVE-2016-9952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9952"
},
{
"name": "CVE-2017-10295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10295"
},
{
"name": "CVE-2013-4545",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4545"
},
{
"name": "CVE-2015-7236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7236"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2016-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4802"
},
{
"name": "CVE-2017-10388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10388"
},
{
"name": "CVE-2016-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9953"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2018-0039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0039"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2015-3148",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2014-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2013-6422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6422"
},
{
"name": "CVE-2018-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0042"
},
{
"name": "CVE-2018-2618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2618"
},
{
"name": "CVE-2018-1000005",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000005"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0754"
},
{
"name": "CVE-2017-1000101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2014-8150",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
},
{
"name": "CVE-2014-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2018-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0037"
},
{
"name": "CVE-2015-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
},
{
"name": "CVE-2018-0040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0040"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2018-2637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2637"
},
{
"name": "CVE-2017-10198",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10198"
},
{
"name": "CVE-2017-10355",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10355"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2016-3739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3739"
},
{
"name": "CVE-2018-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2663"
},
{
"name": "CVE-2017-15896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15896"
},
{
"name": "CVE-2018-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2579"
},
{
"name": "CVE-2017-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8816"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2017-9502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9502"
},
{
"name": "CVE-2018-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0030"
},
{
"name": "CVE-2018-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0034"
},
{
"name": "CVE-2018-2633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2633"
},
{
"name": "CVE-2000-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2000-0973"
},
{
"name": "CVE-2014-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0139"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2014-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0138"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2018-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0029"
},
{
"name": "CVE-2018-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0025"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2018-2599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2599"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2017-10356",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10356"
},
{
"name": "CVE-2018-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0038"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-10345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10345"
},
{
"name": "CVE-2018-0041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0041"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2629"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2013-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2174"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0032"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2018-2678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2678"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2017-1000099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000099"
},
{
"name": "CVE-2018-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2588"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2018-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0026"
},
{
"name": "CVE-2016-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
}
],
"initial_release_date": "2018-07-12T00:00:00",
"last_revision_date": "2018-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10869 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10869\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10866 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10866\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10874 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10863 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10863\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10871 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10871\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10857 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10857\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10868 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10868\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10859 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10859\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10872 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10872\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10858 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10858\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10861 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10861\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10860 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10860\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10864 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10864\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10873 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10873\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10865 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10865\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2015-AVI-072
Vulnerability from certfr_avis - Published: 2015-02-16 - Updated: 2015-02-16
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Tivoli | IBM Tivoli Workload Scheduler 8.x | ||
| IBM | N/A | MegaRAID Storage Management 13.x | ||
| IBM | N/A | IBM Content Collector 3.x | ||
| IBM | N/A | IBM Cúram Social Program Management 6.x | ||
| IBM | N/A | IBM Cloud Manager with OpenStack 4.x | ||
| IBM | N/A | IBM MessageSight 1.x | ||
| IBM | Tivoli | IBM Tivoli Storage Manager Client 6.x | ||
| IBM | N/A | IBM Business Process Manager 7.x | ||
| IBM | Tivoli | IBM Tivoli Storage Manager Client 7.x | ||
| IBM | WebSphere | IBM WebSphere Transformation Extender 8.x | ||
| IBM | N/A | IBM Content Collector for Email 4.x | ||
| IBM | Tivoli | IBM Tivoli Storage Manager Client 5.x | ||
| IBM | N/A | IBM Content Collector 4.x | ||
| IBM | Tivoli | IBM Tivoli Workload Scheduler 9.x | ||
| IBM | N/A | IBM System x Integrated Management Module 2 (IMM2) 4.x |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Workload Scheduler 8.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "MegaRAID Storage Management 13.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Content Collector 3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM C\u00faram Social Program Management 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cloud Manager with OpenStack 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MessageSight 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Storage Manager Client 6.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Business Process Manager 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Storage Manager Client 7.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Transformation Extender 8.x",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Content Collector for Email 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Storage Manager Client 5.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Content Collector 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Workload Scheduler 9.x",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM System x Integrated Management Module 2 (IMM2) 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-0101",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0101"
},
{
"name": "CVE-2014-6512",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6512"
},
{
"name": "CVE-2014-7144",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7144"
},
{
"name": "CVE-2014-7230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7230"
},
{
"name": "CVE-2014-4803",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4803"
},
{
"name": "CVE-2014-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3509"
},
{
"name": "CVE-2014-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
},
{
"name": "CVE-2015-0146",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0146"
},
{
"name": "CVE-2014-3505",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3505"
},
{
"name": "CVE-2014-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
},
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
},
{
"name": "CVE-2014-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3641"
},
{
"name": "CVE-2014-6468",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6468"
},
{
"name": "CVE-2014-3513",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3513"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"name": "CVE-2014-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0139"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2014-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0138"
},
{
"name": "CVE-2014-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3511"
},
{
"name": "CVE-2014-3568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3568"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3507",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3507"
},
{
"name": "CVE-2014-3608",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3608"
},
{
"name": "CVE-2014-6414",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6414"
},
{
"name": "CVE-2014-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3621"
},
{
"name": "CVE-2014-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3510"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2013-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2174"
},
{
"name": "CVE-2014-3508",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3508"
},
{
"name": "CVE-2014-8373",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8373"
},
{
"name": "CVE-2014-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4813"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2014-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
},
{
"name": "CVE-2014-3506",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3506"
},
{
"name": "CVE-2014-7231",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7231"
},
{
"name": "CVE-2014-8917",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8917"
},
{
"name": "CVE-2014-5356",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5356"
}
],
"initial_release_date": "2015-02-16T00:00:00",
"last_revision_date": "2015-02-16T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-072",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM du 16 f\u00e9vrier 2015",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21693134"
}
]
}
FKIE_CVE-2014-0138
Vulnerability from fkie_nvd - Published: 2014-04-15 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://curl.haxx.se/docs/adv_20140326A.html | Vendor Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2014/Dec/23 | ||
| secalert@redhat.com | http://secunia.com/advisories/57836 | ||
| secalert@redhat.com | http://secunia.com/advisories/57966 | ||
| secalert@redhat.com | http://secunia.com/advisories/57968 | ||
| secalert@redhat.com | http://secunia.com/advisories/58615 | ||
| secalert@redhat.com | http://secunia.com/advisories/59458 | ||
| secalert@redhat.com | http://www-01.ibm.com/support/docview.wss?uid=swg21675820 | ||
| secalert@redhat.com | http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862 | ||
| secalert@redhat.com | http://www.debian.org/security/2014/dsa-2902 | ||
| secalert@redhat.com | http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ | ||
| secalert@redhat.com | http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ | ||
| secalert@redhat.com | http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ | ||
| secalert@redhat.com | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | ||
| secalert@redhat.com | http://www.securityfocus.com/archive/1/534161/100/0/threaded | ||
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-2167-1 | ||
| secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2014-0012.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://curl.haxx.se/docs/adv_20140326A.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Dec/23 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57836 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57966 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57968 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/59458 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21675820 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2014/dsa-2902 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/534161/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2167-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2014-0012.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | 7.10.6 | |
| haxx | curl | 7.10.7 | |
| haxx | curl | 7.10.8 | |
| haxx | curl | 7.11.0 | |
| haxx | curl | 7.11.1 | |
| haxx | curl | 7.11.2 | |
| haxx | curl | 7.12.0 | |
| haxx | curl | 7.12.1 | |
| haxx | curl | 7.12.2 | |
| haxx | curl | 7.12.3 | |
| haxx | curl | 7.13.0 | |
| haxx | curl | 7.13.1 | |
| haxx | curl | 7.13.2 | |
| haxx | curl | 7.14.0 | |
| haxx | curl | 7.14.1 | |
| haxx | curl | 7.15.0 | |
| haxx | curl | 7.15.1 | |
| haxx | curl | 7.15.2 | |
| haxx | curl | 7.15.3 | |
| haxx | curl | 7.15.4 | |
| haxx | curl | 7.15.5 | |
| haxx | curl | 7.16.0 | |
| haxx | curl | 7.16.1 | |
| haxx | curl | 7.16.2 | |
| haxx | curl | 7.16.3 | |
| haxx | curl | 7.16.4 | |
| haxx | curl | 7.17.0 | |
| haxx | curl | 7.17.1 | |
| haxx | curl | 7.18.0 | |
| haxx | curl | 7.18.1 | |
| haxx | curl | 7.18.2 | |
| haxx | curl | 7.19.0 | |
| haxx | curl | 7.19.1 | |
| haxx | curl | 7.19.2 | |
| haxx | curl | 7.19.3 | |
| haxx | curl | 7.19.4 | |
| haxx | curl | 7.19.5 | |
| haxx | curl | 7.19.6 | |
| haxx | curl | 7.19.7 | |
| haxx | curl | 7.20.0 | |
| haxx | curl | 7.20.1 | |
| haxx | curl | 7.21.0 | |
| haxx | curl | 7.21.1 | |
| haxx | curl | 7.21.2 | |
| haxx | curl | 7.21.3 | |
| haxx | curl | 7.21.4 | |
| haxx | curl | 7.21.5 | |
| haxx | curl | 7.21.6 | |
| haxx | curl | 7.21.7 | |
| haxx | curl | 7.22.0 | |
| haxx | curl | 7.23.0 | |
| haxx | curl | 7.23.1 | |
| haxx | curl | 7.24.0 | |
| haxx | curl | 7.25.0 | |
| haxx | curl | 7.26.0 | |
| haxx | curl | 7.27.0 | |
| haxx | curl | 7.28.0 | |
| haxx | curl | 7.28.1 | |
| haxx | curl | 7.29.0 | |
| haxx | curl | 7.30.0 | |
| haxx | curl | 7.31.0 | |
| haxx | curl | 7.32.0 | |
| haxx | curl | 7.33.0 | |
| haxx | curl | 7.34.0 | |
| haxx | curl | 7.35.0 | |
| haxx | libcurl | 7.10.6 | |
| haxx | libcurl | 7.10.7 | |
| haxx | libcurl | 7.10.8 | |
| haxx | libcurl | 7.11.0 | |
| haxx | libcurl | 7.11.1 | |
| haxx | libcurl | 7.11.2 | |
| haxx | libcurl | 7.12.0 | |
| haxx | libcurl | 7.12.1 | |
| haxx | libcurl | 7.12.2 | |
| haxx | libcurl | 7.12.3 | |
| haxx | libcurl | 7.13.0 | |
| haxx | libcurl | 7.13.1 | |
| haxx | libcurl | 7.13.2 | |
| haxx | libcurl | 7.14.0 | |
| haxx | libcurl | 7.14.1 | |
| haxx | libcurl | 7.15.0 | |
| haxx | libcurl | 7.15.1 | |
| haxx | libcurl | 7.15.2 | |
| haxx | libcurl | 7.15.3 | |
| haxx | libcurl | 7.15.4 | |
| haxx | libcurl | 7.15.5 | |
| haxx | libcurl | 7.16.0 | |
| haxx | libcurl | 7.16.1 | |
| haxx | libcurl | 7.16.2 | |
| haxx | libcurl | 7.16.3 | |
| haxx | libcurl | 7.16.4 | |
| haxx | libcurl | 7.17.0 | |
| haxx | libcurl | 7.17.1 | |
| haxx | libcurl | 7.18.0 | |
| haxx | libcurl | 7.18.1 | |
| haxx | libcurl | 7.18.2 | |
| haxx | libcurl | 7.19.0 | |
| haxx | libcurl | 7.19.1 | |
| haxx | libcurl | 7.19.2 | |
| haxx | libcurl | 7.19.3 | |
| haxx | libcurl | 7.19.4 | |
| haxx | libcurl | 7.19.5 | |
| haxx | libcurl | 7.19.6 | |
| haxx | libcurl | 7.19.7 | |
| haxx | libcurl | 7.20.0 | |
| haxx | libcurl | 7.20.1 | |
| haxx | libcurl | 7.21.0 | |
| haxx | libcurl | 7.21.1 | |
| haxx | libcurl | 7.21.2 | |
| haxx | libcurl | 7.21.3 | |
| haxx | libcurl | 7.21.4 | |
| haxx | libcurl | 7.21.5 | |
| haxx | libcurl | 7.21.6 | |
| haxx | libcurl | 7.21.7 | |
| haxx | libcurl | 7.22.0 | |
| haxx | libcurl | 7.23.0 | |
| haxx | libcurl | 7.23.1 | |
| haxx | libcurl | 7.24.0 | |
| haxx | libcurl | 7.25.0 | |
| haxx | libcurl | 7.26.0 | |
| haxx | libcurl | 7.27.0 | |
| haxx | libcurl | 7.28.0 | |
| haxx | libcurl | 7.28.1 | |
| haxx | libcurl | 7.29.0 | |
| haxx | libcurl | 7.30.0 | |
| haxx | libcurl | 7.31.0 | |
| haxx | libcurl | 7.32.0 | |
| haxx | libcurl | 7.33.0 | |
| haxx | libcurl | 7.34.0 | |
| haxx | libcurl | 7.35.0 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5D65CDC0-580B-42B3-97E8-69BE44CDB68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "01001EEA-AB99-4041-8188-38CEBE9C3031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31DB0DA3-88B7-43ED-8102-CEBC28524CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87596B6A-A7B3-4256-9982-45D3B6E3E018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0045855F-A707-415A-AC12-6981B68B08E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B49807DC-0BDA-41F6-BB76-7C62328D245F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A78B6B8-9F4B-46AC-BB04-7EBADC690CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE80B46-33F0-4338-AF37-9E7E31FC5E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD38D8C6-9EEE-4160-9353-773943A560B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD33549E-EFFB-466F-8B47-BE036D454693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16BB71C8-3564-4E69-A2C3-E9AB1F9EF20C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4966AA12-15DB-44E5-84AF-9D7AF4A52F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "827B6C8A-59C4-4714-9406-5C8EB5073AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A11305-E4FF-473B-9415-AF1F0E7A27D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8444095B-AF8F-42B5-BD4D-9CBE9238E42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C22F23AE-02AB-42F0-AA16-D2F8C94E5DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33DE520-BD2A-4499-B1F8-1439AE16AB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "041FCB20-E74F-4550-AC48-EE4E5875E118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D16DBA5E-582F-4648-932E-8A1EFB7FE3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A25323F4-7C67-4097-AD53-A6B9E6D96BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36919682-F59E-4EC0-886C-AE967F636753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B45AF234-3651-4367-BFEF-8766F66FB138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E46A9126-A02E-44CD-885D-0956E0C87C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91E9C756-7FE3-4197-8C18-99CD1F49B0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88806B7D-5EFE-4F91-B115-732882D2C126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB9E8AB-B3EC-4743-B39B-7325EEB17233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5030FBB0-C95B-4ADE-BFC2-CCA37AAD019B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5513618A-6770-4292-95D1-68F55D8343CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7494C01F-E9EC-406E-879A-B2045865E282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD9F894-4576-4ED1-9F55-4C27ECE7E058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49AFACAC-BBAF-469B-BF05-0478E987120F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A136E86-0697-4915-BC49-F570C776EDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB241AF-A01D-4FD6-B98A-F4C20F844C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B61901-F7DF-4805-8EB7-CA1701CA81CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0CDEC9-224A-4668-B2E4-2145653E3F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E92BE9CB-F001-47A0-94E0-48FC01A63FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "324E2A20-2F66-4E03-9A7F-A09E631E9033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C8987B53-BD80-40B9-8429-21AD97208040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "490D1BDC-33B9-43BA-B6DA-42DEE577082A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B465BE7E-0B4D-4BC4-894B-3F51A201CE91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA17087-3021-4961-B53C-CDCC872A31A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CA3936-4602-40E6-B75C-58D3F24268E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87C110C-21DD-438A-90EF-BE516CF59F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2D9E0E-2EED-4FB5-859C-05226FC48D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA01E21-71CE-4B07-B5A6-D0D7AC493A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51239254-31CE-4BF7-8669-1525BA391362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2BE20D-232D-4C86-81B0-C82CCC1CAA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D652FD7C-1521-4391-AAE1-0A4D6F4CE8F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB861143-F809-45CF-95BE-E64F4BA1A0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3480F4A-0AE0-4428-9EDA-5A6B994909A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "936BF59E-33A8-46BA-9FBD-8763812E2F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33168C81-6DAE-40D6-9693-68390CD71DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "424F9604-AA9A-4D45-A521-0BDEDB723659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6EBCEB-E52C-4FF5-B15A-6960F58090EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D204E994-4591-403C-8EF3-D3B7BF4AA1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF5418D-1162-4B1E-BC3D-06A3E084BEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA65F31-3D54-4F66-A0A3-2BD993FF38F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41ACC9FE-62FF-424B-B4B8-B033FEAF7686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BC39E9-5945-4DC8-ACA8-1C9918D9F279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9658447-FBB0-4DEA-8FEE-BD4D3D1BF7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECABFCB-0D02-4B5B-BB35-C6B3C0896348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5176F0-E62F-46FF-B536-DC0680696773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "506A3761-3D24-43DB-88D8-4EB5B9E8BA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B6EF8B0-0E86-449C-A500-ACD902A78C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D558CC2-0146-4887-834E-19FCB1D512A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1F9453-1FB6-4CA7-9285-A243E56667B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F79828BB-2412-46AD-BE3C-A51B48E191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "72D0F13F-D56F-4C1C-A3CF-2E4E704817CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90A4F2E2-1B43-470E-8935-CB32F12A0124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "797DF5C7-509E-48FD-BD04-C66E01748728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47BD868A-CE3B-4E39-A588-C4EDA3265A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2EE400-1C36-40F4-A9D1-9AB432F168BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06E3CB14-FB16-4F4E-9AD9-A02DC727FF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08DCC42C-C881-4AEA-9348-E8317C54D62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC4EF5A-C8CB-4F33-B4D1-E4192B179D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81CEF54A-9668-4031-926F-9B978DD5CDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45068C90-8915-4D19-B36B-993980E28D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24543011-2458-47B5-984A-901E70084902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB482A9C-D577-4AEE-A08F-CAFA6586B51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65AF9B86-A555-4D5E-B24E-9EBF78BCD8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60BBDF07-DB97-433E-B542-EFEBE45550DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8BE3F8-82ED-4DD7-991E-979E950C98B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "738AA231-4694-46E8-B559-1594263A9987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E1F171-B887-499A-BF4F-538EBF347811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "07AA276A-0EBA-4DC9-951C-8F8159FAC7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEEF534-9AD2-4439-9D69-E91D062C4647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63643BE1-C978-4CD2-8ED1-2B979DB0676E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FA04A0-9258-4654-ABCF-F41340B1FA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE829230-AFDB-4131-9C6A-D9D7A66C5B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E8BA30-8087-48D4-AE1B-48326FF826B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47970EFF-2F51-4875-A6BD-E30614E13278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52C9B668-3204-41C5-A82E-262BDFA541DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C8EE1E-E186-42D6-8B12-05865C73F261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA3D88B-41B9-4D79-B47D-B3D6058C0C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C80901-D48E-4C2A-9BED-A40007A11C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "331A51E4-AA73-486F-9618-5A83965F2436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB32DF2C-9208-4853-ADEB-B00D764D7467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05636DC-7E38-4605-AAB8-81C0AE37520A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "624DF2F1-53FD-48D3-B93D-44E99C9C0C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2171C7C-311A-4405-B95F-3A54966FA844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE20A41-8B53-46FC-9002-69CC7495171F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87ED9DA0-E880-4CBB-B1AC-5AEE8A004718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5293C7F0-BF9F-4768-889A-876CE78903CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EB41B3-65F3-4B0E-8CCC-325B14AF605B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "857B244C-2AFB-40C7-A893-7C6DE9871BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B732CE55-820A-40E0-A885-71BBB6CF8C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0455A5F2-1515-4CD8-BA2F-74D28E91A661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29034B3A-BE9D-4D68-8C56-4465C03C3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6249538E-FBCB-4130-91FB-DA78D7BA45DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E11B8A5-50A2-468F-BFB3-86DD9D28AC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAE25A0-3828-46F1-AB30-88732CBC9F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1533A85C-2160-445D-8787-E624AEDC5A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D87B9393-7EA4-43DA-900C-7E840AE2D4C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1249E9-304F-4952-8DAB-8B79CE5E7D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83FAF953-6A65-4FAB-BDB5-03B468CD1C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29F8FF1F-A639-4161-9366-62528AAF4C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "812AB429-379A-4EDE-9664-5BC2989053F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13DD791F-C4BD-4456-955A-92E84082AA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A17E442-45AA-4780-98B4-9BF764DCC1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6AF544C-5F16-4434-B9FB-93B1B7318950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en cURL y libcurl 7.10.6 anterior a 7.36.0 re-utiliza conexiones (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP y (10) LDAPS, lo que podr\u00eda permitir a atacantes dependientes de contexto conectar como otro usuario a trav\u00e9s de una petici\u00f3n, un problema similar a CVE-2014-0015."
}
],
"id": "CVE-2014-0138",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-15T14:55:04.107",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57836"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57966"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57968"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/58615"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59458"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"source": "secalert@redhat.com",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"source": "secalert@redhat.com",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/58615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-J832-G86M-353X
Vulnerability from github – Published: 2022-05-14 02:54 – Updated: 2025-04-12 12:32
VLAI?
Details
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
{
"affected": [],
"aliases": [
"CVE-2014-0138"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-15T14:55:00Z",
"severity": "MODERATE"
},
"details": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.",
"id": "GHSA-j832-g86m-353x",
"modified": "2025-04-12T12:32:29Z",
"published": "2022-05-14T02:54:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0138"
},
{
"type": "WEB",
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57836"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57966"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57968"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/58615"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59458"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"type": "WEB",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release"
},
{
"type": "WEB",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2014-0138
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-0138",
"description": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.",
"id": "GSD-2014-0138",
"references": [
"https://www.suse.com/security/cve/CVE-2014-0138.html",
"https://www.debian.org/security/2014/dsa-2902",
"https://access.redhat.com/errata/RHSA-2014:0561",
"https://advisories.mageia.org/CVE-2014-0138.html",
"https://alas.aws.amazon.com/cve/html/CVE-2014-0138.html",
"https://linux.oracle.com/cve/CVE-2014-0138.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-0138"
],
"details": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.",
"id": "GSD-2014-0138",
"modified": "2023-12-13T01:22:44.171712Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://curl.haxx.se/docs/adv_20140326A.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "57836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57836"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "DSA-2902",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name": "59458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59458"
},
{
"name": "openSUSE-SU-2014:0530",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"name": "58615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58615"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "57968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57968"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"name": "USN-2167-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "57966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57966"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0138"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2902",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2014/dsa-2902"
},
{
"name": "http://curl.haxx.se/docs/adv_20140326A.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://curl.haxx.se/docs/adv_20140326A.html"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name": "57836",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57836"
},
{
"name": "57966",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57966"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name": "57968",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57968"
},
{
"name": "59458",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59458"
},
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
},
{
"name": "58615",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/58615"
},
{
"name": "USN-2167-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"name": "openSUSE-SU-2014:0530",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-09T19:36Z",
"publishedDate": "2014-04-15T14:55Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…