What is CVE-2015-3148?

CVE-2015-3148 is a vulnerability in Apple Mac_os_x, classified under Improper Access Control. Published 2015-04-24.

Is CVE-2015-3148 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

EPSS: 0.014 (81.0th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x — versions 10.10.0, 10.10.1, 10.10.2
Haxx Curl — versions 7.10.6, 7.10.7, 7.10.8
Haxx Libcurl — versions 7.10.6, 7.10.7, 7.10.8
Hp System_management_homepage
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0
Fedoraproject Fedora — versions 21, 22
Opensuse — versions 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

akaganeite/CVE4PP

References

HPSBHF03544 (x_refsource_HP, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
FEDORA-2015-6853 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
DSA-3232 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
FEDORA-2015-6712 (x_refsource_FEDORA, vendor-advisory)
74301 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2015:219 (vendor-advisory, x_refsource_MANDRIVA)
USN-2591-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
1032232 (Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-3148?: CVE-2015-3148 is a vulnerability in Apple Mac_os_x, classified under Improper Access Control. Published 2015-04-24.
Is CVE-2015-3148 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.