ID

VAR-201504-0147


CVE

CVE-2015-3143


TITLE

Haxx cURL and libcurl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201504-500

DESCRIPTION

cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. cURL/libcURL is prone to a remote security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. cURL/libcURL 7.10.6 through versions 7.41.0 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. ============================================================================ Ubuntu Security Notice USN-2591-1 April 30, 2015 curl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144) Hanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. If a user or automated system were tricked into parsing a specially crafted cookie, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148) Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2 Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4 Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5 Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2591-1 CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153 Package Information: https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2 https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition. Background ========== cURL is a tool and libcurl is a library for transferring data with URL syntax. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.43.0 >= 7.43.0 Description =========== Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0" References ========== [ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201509-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3232-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini April 22, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : curl CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2015-3143 NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. This is similar to the issue fixed in DSA-2849-1. CVE-2015-3144 When parsing URLs with a zero-length hostname (such as "http://:80"), libcurl would try to read from an invalid memory address. This could allow remote attackers to cause a denial of service (crash). This issue only affects the upcoming stable (jessie) and unstable (sid) distributions. CVE-2015-3145 When parsing HTTP cookies, if the parsed cookie's "path" element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service (crash). This issue only affects the upcoming stable (jessie) and unstable (sid) distributions. CVE-2015-3148 When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user. For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13. For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1. We recommend that you upgrade your curl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj D3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi qpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea ot3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy KyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7 m0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz QqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY iG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0 pDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5 TPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI mRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j 3UCM8MZyw4I0qI5KGlL1 =FvPw -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-7.45.0-i486-1_slack14.1.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://advisories.mageia.org/MGASA-2015-0179.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

Trust: 1.89

sources: NVD: CVE-2015-3143 // BID: 74299 // VULHUB: VHN-81104 // VULMON: CVE-2015-3143 // PACKETSTORM: 131699 // PACKETSTORM: 133700 // PACKETSTORM: 131588 // PACKETSTORM: 134138 // PACKETSTORM: 131727 // PACKETSTORM: 131726

AFFECTED PRODUCTS

vendor:haxxmodel:libcurlscope:eqversion:7.34.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.27.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.31.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.29.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.28.1

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.28.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.35.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.32.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.30.0

Trust: 1.6

vendor:haxxmodel:libcurlscope:eqversion:7.33.0

Trust: 1.6

vendor:haxxmodel:curlscope:eqversion:7.13.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.40.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.30.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.16.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.2

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.18.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.11.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.18.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.2

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.15.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.6

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.6

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.15.5

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.23.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.15.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.16.3

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.38.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.33.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.4

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.18.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.36.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.5

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.9.5

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.16.2

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.20.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.3

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.14.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.10

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.26.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.29.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.17.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.16.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.11.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.23.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.10.7

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.16.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.18.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.15.3

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.12.3

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.6

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.11.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.16.3

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.13.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.4

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.15.4

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.24.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.25.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.28.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.4

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.36.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.10.6

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.3

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.35.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.14.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.22.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.5

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.17.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.11.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.20.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.23.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.12.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.13.2

Trust: 1.0

vendor:hpmodel:system management homepagescope:lteversion:7.5.3.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.16.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.15.3

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.12.3

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.10.8

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.12.2

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.34.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.11.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.28.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.31.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.11.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.37.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.13.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.6

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.15.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.12.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.17.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.14.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.4

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.37.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.38.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.23.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.18.2

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.22.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.41.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.26.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.7

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.7

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.16.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.4

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.15.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.3

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.10.7

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.12.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.17.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.32.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.14.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.13.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.37.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.3

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.40.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.18.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.15.1

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.41.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.15.5

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.15.4

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.24.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.25.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.21.7

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.19.7

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.16.4

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.15.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.10.6

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.12.0

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.10.8

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.04

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.21.5

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.39

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.12.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.19.5

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.39.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.20.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.16.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.20.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:eqversion:7.13.2

Trust: 1.0

vendor:haxxmodel:curlscope:eqversion:7.27.0

Trust: 1.0

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.20

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.19.6

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.19.5

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.19.4

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.19.3

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.19

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.18.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.18

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.17

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.16.4

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.15.5

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.15.3

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.15.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.15.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.15

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.14.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.14

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.13.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.13.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.13

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.12.3

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.12.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.12.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.12

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.11.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.11.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.11

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.10.8

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.10.7

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.10.6

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.24.0

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.23.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.21.7

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.21.6

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.20.2

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.20.1

Trust: 0.3

vendor:danielmodel:stenberg curlscope:eqversion:7.16.3

Trust: 0.3

sources: BID: 74299 // CNNVD: CNNVD-201504-500 // NVD: CVE-2015-3143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3143
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201504-500
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81104
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3143
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3143
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-81104
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81104 // VULMON: CVE-2015-3143 // CNNVD: CNNVD-201504-500 // NVD: CVE-2015-3143

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

sources: VULHUB: VHN-81104 // NVD: CVE-2015-3143

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 133700 // PACKETSTORM: 131727 // CNNVD: CNNVD-201504-500

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201504-500

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81104

PATCH

title:Red Hat: Moderate: curl security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152159 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2015-3143url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3143

Trust: 0.1

title:Ubuntu Security Notice: curl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2591-1

Trust: 0.1

title:Debian Security Advisories: DSA-3232-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6e7bbc3a8db398caa606cf6110790ac9

Trust: 0.1

title:Amazon Linux AMI: ALAS-2015-514url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-514

Trust: 0.1

title:Apple: OS X Yosemite v10.10.5 and Security Update 2015-006url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9834d0d73bf28fb80d3390930bafd906

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

sources: VULMON: CVE-2015-3143

EXTERNAL IDS

db:NVDid:CVE-2015-3143

Trust: 2.7

db:JUNIPERid:JSA10743

Trust: 1.5

db:BIDid:74299

Trust: 1.5

db:SECTRACKid:1032232

Trust: 1.2

db:CNNVDid:CNNVD-201504-500

Trust: 0.7

db:SECUNIAid:64164

Trust: 0.6

db:SECUNIAid:64284

Trust: 0.6

db:PACKETSTORMid:131699

Trust: 0.2

db:PACKETSTORMid:133700

Trust: 0.2

db:PACKETSTORMid:131726

Trust: 0.2

db:PACKETSTORMid:134138

Trust: 0.2

db:PACKETSTORMid:131588

Trust: 0.2

db:PACKETSTORMid:131727

Trust: 0.2

db:PACKETSTORMid:135878

Trust: 0.1

db:VULHUBid:VHN-81104

Trust: 0.1

db:VULMONid:CVE-2015-3143

Trust: 0.1

sources: VULHUB: VHN-81104 // VULMON: CVE-2015-3143 // BID: 74299 // PACKETSTORM: 131699 // PACKETSTORM: 133700 // PACKETSTORM: 131588 // PACKETSTORM: 134138 // PACKETSTORM: 131727 // PACKETSTORM: 131726 // CNNVD: CNNVD-201504-500 // NVD: CVE-2015-3143

REFERENCES

url:http://curl.haxx.se/docs/adv_20150422a.html

Trust: 2.1

url:http://www.debian.org/security/2015/dsa-3232

Trust: 1.8

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 1.5

url:http://advisories.mageia.org/mgasa-2015-0179.html

Trust: 1.4

url:http://www.securityfocus.com/bid/74299

Trust: 1.3

url:https://security.gentoo.org/glsa/201509-02

Trust: 1.3

url:http://www.ubuntu.com/usn/usn-2591-1

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 1.2

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Trust: 1.2

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763

Trust: 1.2

url:https://support.apple.com/kb/ht205031

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:219

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:220

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2015-1254.html

Trust: 1.2

url:http://www.securitytracker.com/id/1032232

Trust: 1.2

url:http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html

Trust: 1.2

url:http://marc.info/?l=bugtraq&m=145612005512270&w=2

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10743

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3148

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3143

Trust: 0.6

url:http://secunia.com/advisories/64164

Trust: 0.6

url:http://secunia.com/advisories/64284

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-3145

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2015-3144

Trust: 0.4

url:http://curl.haxx.se/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1213306

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10743&cat=sirt_1&actp=list

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023307

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21957883

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21903004

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21966972

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21967789

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-3237

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-3236

Trust: 0.2

url:http://www.debian.org/security/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145

Trust: 0.2

url:http://www.mandriva.com/en/support/security/

Trust: 0.2

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.2

url:http://kb.juniper.net/infocenter/index?page=content&amp;id=jsa10743

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=145612005512270&amp;w=2

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2015:2159

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3143

Trust: 0.1

url:https://usn.ubuntu.com/2591-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38682

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3153

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://:80"),

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237

Trust: 0.1

sources: VULHUB: VHN-81104 // VULMON: CVE-2015-3143 // BID: 74299 // PACKETSTORM: 131699 // PACKETSTORM: 133700 // PACKETSTORM: 131588 // PACKETSTORM: 134138 // PACKETSTORM: 131727 // PACKETSTORM: 131726 // CNNVD: CNNVD-201504-500 // NVD: CVE-2015-3143

CREDITS

Paras Sethia

Trust: 0.3

sources: BID: 74299

SOURCES

db:VULHUBid:VHN-81104
db:VULMONid:CVE-2015-3143
db:BIDid:74299
db:PACKETSTORMid:131699
db:PACKETSTORMid:133700
db:PACKETSTORMid:131588
db:PACKETSTORMid:134138
db:PACKETSTORMid:131727
db:PACKETSTORMid:131726
db:CNNVDid:CNNVD-201504-500
db:NVDid:CVE-2015-3143

LAST UPDATE DATE

2024-11-11T20:10:32.723000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-81104date:2018-01-05T00:00:00
db:VULMONid:CVE-2015-3143date:2018-01-05T00:00:00
db:BIDid:74299date:2016-07-06T14:27:00
db:CNNVDid:CNNVD-201504-500date:2015-04-27T00:00:00
db:NVDid:CVE-2015-3143date:2018-01-05T02:30:04.773

SOURCES RELEASE DATE

db:VULHUBid:VHN-81104date:2015-04-24T00:00:00
db:VULMONid:CVE-2015-3143date:2015-04-24T00:00:00
db:BIDid:74299date:2015-04-22T00:00:00
db:PACKETSTORMid:131699date:2015-04-30T15:48:24
db:PACKETSTORMid:133700date:2015-09-25T06:54:51
db:PACKETSTORMid:131588date:2015-04-22T20:15:37
db:PACKETSTORMid:134138date:2015-10-30T23:23:03
db:PACKETSTORMid:131727date:2015-05-04T17:18:27
db:PACKETSTORMid:131726date:2015-05-04T17:18:17
db:CNNVDid:CNNVD-201504-500date:2015-04-27T00:00:00
db:NVDid:CVE-2015-3143date:2015-04-24T14:59:08.187