CVE-2015-3153

cURL <7.42.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

References (14)

Core 14
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032233
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2591-1
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT205031
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74408
Vendor Advisory x_refsource_confirm
http://curl.haxx.se/docs/adv_20150429.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3240

Scores

EPSS 0.0837
EPSS Percentile 92.4%

Details

CWE
CWE-200
Status published
Products (12)
apple/mac_os_x 10.10.4
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
canonical/ubuntu_linux 15.1
debian/debian_linux 8.0
haxx/curl < 7.42.0
haxx/libcurl < 7.42.0
oracle/enterprise_manager_ops_center 12.2.0
oracle/enterprise_manager_ops_center 12.2.1
... and 2 more
Published May 01, 2015
Tracked Since Feb 18, 2026