Description
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
References (24)
Core 24
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62361
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10131
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0020.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71964
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032768
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html
Vendor Advisory x_refsource_confirm
http://curl.haxx.se/docs/adv_20150108B.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205031
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2474-1
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-47
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:021
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62075
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3122
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61925
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1254.html
Scores
EPSS
0.0123
EPSS Percentile
79.4%
Details
Status
published
Products (49)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
debian/debian_linux
7.0
haxx/libcurl
6.0
haxx/libcurl
6.1 (2 CPE variants)
haxx/libcurl
6.2
haxx/libcurl
6.3
haxx/libcurl
6.3.1
... and 39 more
Published
Jan 15, 2015
Tracked Since
Feb 18, 2026