What is CVE-2015-3143?

CVE-2015-3143 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2015-04-24.

Is CVE-2015-3143 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2015-3143

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.

EPSS: 0.047 (89.5th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x — versions 10.10.0, 10.10.1, 10.10.2
Haxx Curl — versions 7.10.6, 7.10.7, 7.10.8
Haxx Libcurl — versions 7.10.6, 7.10.7, 7.10.8
Hp System_management_homepage
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

HPSBHF03544 (x_refsource_HP, vendor-advisory, Third Party Advisory)
FEDORA-2015-6853 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
DSA-3232 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2015-6712 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2015:219 (vendor-advisory, x_refsource_MANDRIVA)
USN-2591-1 (x_refsource_UBUNTU, vendor-advisory)
1032232 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-3143?: CVE-2015-3143 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2015-04-24.
Is CVE-2015-3143 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.