{"id":"CURL-CVE-2015-3143","summary":"Reusing authenticated connection when unauthenticated","details":"libcurl keeps a pool of its last few connections around after use to\nfacilitate easy, convenient and completely transparent connection reuse for\napplications.\n\nWhen doing NTLM authenticated HTTP requests, the entire connection becomes\nauthenticated and not just the specific HTTP request, which is otherwise how\nHTTP works. This makes NTLM special and a subject for special treatment in the\ncode. With NTLM, once the connection is authenticated, no further\nauthentication is necessary until the connection gets closed.\n\nlibcurl's connection reuse logic selects an existing connection for reuse\nwhen asked to do a request, and when asked to use NTLM libcurl has to pick a\nconnection with matching credentials only.\n\nIf a connection was first set up and used for an NTLM HTTP request with a\nspecific set of credentials, that same connection could later wrongly get\nreused in a subsequent HTTP request that was made to the same host - but\nwithout having any credentials set! Since an NTLM connection was already\nauthenticated due to how NTLM works, the subsequent request could then get\nsent over the wrong connection, appearing as the initial user.\n\nThis problem is similar to the previous problem known as\n[CVE-2014-0015](https://curl.se/docs/CVE-2014-0015.html). The main difference\nthis time is that the subsequent request that wrongly reuses a connection does\nnot ask for NTLM authentication.","aliases":["CVE-2015-3143"],"modified":"2025-11-12T00:50:45Z","published":"2015-04-22T08:00:00Z","database_specific":{"last_affected":"7.41.0","URL":"https://curl.se/docs/CVE-2015-3143.json","www":"https://curl.se/docs/CVE-2015-3143.html","severity":"Medium","package":"curl","affects":"both","CWE":{"id":"CWE-305","desc":"Authentication Bypass by Primary Weakness"}},"affected":[{"ranges":[{"type":"SEMVER","events":[{"introduced":"7.10.6"},{"fixed":"7.42.0"}]}],"versions":["7.41.0","7.40.0","7.39.0","7.38.0","7.37.1","7.37.0","7.36.0","7.35.0","7.34.0","7.33.0","7.32.0","7.31.0","7.30.0","7.29.0","7.28.1","7.28.0","7.27.0","7.26.0","7.25.0","7.24.0","7.23.1","7.23.0","7.22.0","7.21.7","7.21.6","7.21.5","7.21.4","7.21.3","7.21.2","7.21.1","7.21.0","7.20.1","7.20.0","7.19.7","7.19.6","7.19.5","7.19.4","7.19.3","7.19.2","7.19.1","7.19.0","7.18.2","7.18.1","7.18.0","7.17.1","7.17.0","7.16.4","7.16.3","7.16.2","7.16.1","7.16.0","7.15.5","7.15.4","7.15.3","7.15.2","7.15.1","7.15.0","7.14.1","7.14.0","7.13.2","7.13.1","7.13.0","7.12.3","7.12.2","7.12.1","7.12.0","7.11.2","7.11.1","7.11.0","7.10.8","7.10.7","7.10.6"],"database_specific":{"source":"https://curl.se/docs/CURL-CVE-2015-3143.json"}}],"schema_version":"1.7.3","credits":[{"name":"Paras Sethia","type":"FINDER"},{"name":"Daniel Stenberg","type":"REMEDIATION_DEVELOPER"}]}