diff options
author | Daniel Stenberg <daniel@haxx.se> | 2015-04-18 23:50:16 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-04-21 23:20:37 +0200 |
commit | 79b9d5f1a42578f807a6c94914bc65cbaa304b6d (patch) | |
tree | b90cfdb4f416b791700635fc986bb99701783971 /docs/libcurl/opts | |
parent | 0583e87ada7a3cfb10904ae4ab61b339582c5bd3 (diff) |
http_done: close Negotiate connections when done
When doing HTTP requests Negotiate authenticated, the entire connnection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.
CVE-2015-3148
Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
Diffstat (limited to 'docs/libcurl/opts')
0 files changed, 0 insertions, 0 deletions