Debian: 2849-1: curl: information disclosure
Feb01
on February 1, 2014
at 4:27 pm
Posted In: Uncategorized
(Jan 31) Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. [More…]
Comment