CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

Date published : 2016-01-29

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://www.securityfocus.com/bid/82307