CVE-2015-3148
Description
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.125
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update HP System Management Homepage Detection (x64) 7.5.3.1 to latest version | Windows |
| Update HP System Management Homepage Detection 7.5.3.1 to latest version | Windows |
| Vulnerability CVE-2015-3143,CVE-2015-3144,CVE-2015-3145,CVE-2015-3148 are affected in Curl For Windows 7.41.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.6 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.5 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.7 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.22.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.23.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.23.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.24.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.25.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.26.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.27.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.28.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.28.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.29.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.30.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.31.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.32.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.33.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.17.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.18.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.18.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.18.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.5 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.6 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.19.7 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.20.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.20.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.21.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.34.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.35.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.36.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.37.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.37.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.38.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.10.6 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.10.7 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.10.8 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.11.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.11.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.11.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.12.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.12.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.12.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.12.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.13.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.13.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.13.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.14.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.14.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.15.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.15.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.15.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.15.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.15.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.15.5 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.16.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.16.1 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.16.2 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.16.3 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.16.4 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.17.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.40.0 | Windows |
| Multiple Vulnerabilities are affected in Curl For Windows 7.41.0 | Windows |
| Vulnerabilities CVE-2015-3144,CVE-2015-3145,CVE-2015-3148,CVE-2015-3143 are fixed in Curl For Windows 7.42.0 | Windows |
| Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Update | Mac |
| Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo Update | Mac |
| HTTP, HTTPS, and FTP client and client libraries (USN-2591-1) libcurl3_7.38.0-3ubuntu2.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-2591-1) libcurl3_7.38.0-3ubuntu2.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-2591-1) libcurl3-nss_7.38.0-3ubuntu2.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-2591-1) libcurl3-nss_7.38.0-3ubuntu2.2_amd64.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-2591-1) libcurl3-gnutls_7.38.0-3ubuntu2.2_i386.deb | Linux |
| HTTP, HTTPS, and FTP client and client libraries (USN-2591-1) libcurl3-gnutls_7.38.0-3ubuntu2.2_amd64.deb | Linux |
| (RHSA-2017:0847) Moderate: curl security update curl-7.19.7-53.el6_9.i686.rpm | Linux |
| (RHSA-2017:0847) Moderate: curl security update curl-7.19.7-53.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:0847) Moderate: curl security update libcurl-7.19.7-53.el6_9.i686.rpm | Linux |
| (RHSA-2017:0847) Moderate: curl security update libcurl-7.19.7-53.el6_9.x86_64.rpm | Linux |
| (RHSA-2017:0847) Moderate: curl security update libcurl-devel-7.19.7-53.el6_9.i686.rpm | Linux |
| (RHSA-2017:0847) Moderate: curl security update libcurl-devel-7.19.7-53.el6_9.x86_64.rpm | Linux |
| Update HP System Management Homepage Detection 7.5.3.1 to latest version (For Ubuntu) | Linux |
| Update HP System Management Homepage Detection 7.5.3.1 to latest version (For Debian) | Linux |
| Update HP System Management Homepage Detection 7.5.3.1 to latest version (For Centos) | Linux |
| Update HP System Management Homepage Detection 7.5.3.1 to latest version (For RedHat) | Linux |
| Update HP System Management Homepage Detection 7.5.3.1 to latest version (For Suse) | Linux |
| Multiple Vulnerabilities affected in system_management_homepage 7.5.3.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.4.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.2.2.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2.77-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2.77 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2-77 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1.73 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1-73 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.3.132 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.2.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.2.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.9 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7-168 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6-156 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5-146 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.3 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2-127 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-118 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-109 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-103(a) | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0-103 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.2.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1.0.102 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.1.0-103 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0.0.96 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.0.0-95 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12-200 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12-118 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11-197 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10-186 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.9-178 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8-177 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.7.168 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.6.156 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5.146-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.5.146 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4.143 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.4-143 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.2.127 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.0.121 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.2.106 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.0.1.104 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.2.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.2 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.2.6 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.11.197-a | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186-c | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186-b | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10.186 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.10 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.8.179 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 7.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.3.1 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 6.3.0 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.2.8 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15.210 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15-210 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.15 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.14.20 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.14 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 2.1.12.201 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0.64 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0-68 | NCM |
| Multiple Vulnerabilities affected in system_management_homepage 3.0.0 | NCM |
| Improper Access Control Vulnerability (CVE-2015-3148) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-600354 | OS X Yosemite 10.10.5 Update |
| PATCH-600458 | OS X Yosemite 10.10.5 Combo Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234