VYPR
Unrated severityNVD Advisory· Published Jun 22, 2015· Updated Jun 17, 2026

CVE-2015-3236

CVE-2015-3236

Description

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Curl/Curl5 versions
    cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
    • (no CPE)range: >=7.40.0, <=7.42.1
  • Curl/Libcurl5 versions
    cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*
    • cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*
    • (no CPE)range: >=7.40.0, <=7.42.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.