CURL-CVE-2016-0755

Source
https://curl.se/docs/CVE-2016-0755.html
Import Source
https://curl.se/docs/CURL-CVE-2016-0755.json
JSON Data
https://api.osv.dev/v1/vulns/CURL-CVE-2016-0755
Aliases
Published
2016-01-27T08:00:00Z
Modified
2024-06-07T13:53:51Z
Summary
NTLM credentials not-checked for proxy connection re-use
Details

libcurl reuses NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer.

libcurl maintains a pool of connections after a transfer has completed. The pool of connections is then gone through when a new transfer is requested and if there is a live connection available that can be reused, it is preferred instead of creating a new one.

Since NTLM-based authentication is connection oriented instead of request oriented as other HTTP based authentication, it is important that only connections that have been authenticated with the correct username + password are reused. This was done properly for server connections already, but libcurl failed to do it properly for proxy connections using NTLM.

A libcurl application can easily switch user credentials used for a proxy connection between two requests, and that subsequent transfer then MUST make libcurl use another connection. libcurl previously failed to do so.

The effects of this flaw, is that the application could be reusing a proxy connection using the previously used credentials and thus it could be given to or prevented access from resources that it was not intended to.

This problem is very similar to CVE-2014-0015, which was for direct server connections while this is for proxy connections.

Database specific
{
    "CWE": {
        "id": "CWE-305",
        "desc": "Authentication Bypass by Primary Weakness"
    },
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2016-0755.json",
    "severity": "Medium",
    "www": "https://curl.se/docs/CVE-2016-0755.html",
    "last_affected": "7.46.0"
}
References
Credits
    • Isaac Boukris - FINDER
    • Isaac Boukris - REMEDIATION_DEVELOPER

Affected packages

Git /

Affected ranges

Type
SEMVER
Events
Introduced
7.10.7
Fixed
7.47.0

Affected versions

7.*

7.10.7
7.10.8
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.12.2
7.12.3
7.13.0
7.13.1
7.13.2
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.16.2
7.16.3
7.16.4
7.17.0
7.17.1
7.18.0
7.18.1
7.18.2
7.19.0
7.19.1
7.19.2
7.19.3
7.19.4
7.19.5
7.19.6
7.19.7
7.20.0
7.20.1
7.21.0
7.21.1
7.21.2
7.21.3
7.21.4
7.21.5
7.21.6
7.21.7
7.22.0
7.23.0
7.23.1
7.24.0
7.25.0
7.26.0
7.27.0
7.28.0
7.28.1
7.29.0
7.30.0
7.31.0
7.32.0
7.33.0
7.34.0
7.35.0
7.36.0
7.37.0
7.37.1
7.38.0
7.39.0
7.40.0
7.41.0
7.42.0
7.42.1
7.43.0
7.44.0
7.45.0
7.46.0