aboutsummaryrefslogtreecommitdiff
path: root/docs/libcurl/opts
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-04-18 23:50:16 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-04-21 23:20:37 +0200
commit79b9d5f1a42578f807a6c94914bc65cbaa304b6d (patch)
treeb90cfdb4f416b791700635fc986bb99701783971 /docs/libcurl/opts
parent0583e87ada7a3cfb10904ae4ab61b339582c5bd3 (diff)
http_done: close Negotiate connections when done
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
Diffstat (limited to 'docs/libcurl/opts')
0 files changed, 0 insertions, 0 deletions