Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2015-3153
StatusCandidate
DescriptionThe default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Severity
Medium
CVSS score5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:N/A:N)
PhaseAssigned (10.04.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3153
ReferencesSECTRACK : 1032233
 APPLE : APPLE-SA-2015-08-13-2
 DEBIAN : DSA-3240
 CONFIRM : http://curl.haxx.se/docs/adv_20150429.html
 CONFIRM : https://support.apple.com/kb/HT205031
 UBUNTU : USN-2591-1
SecurityVulns:Apple Mac OS X / OS X Server multiple security vulnerabilities
 cURL security vulnerabilitiies
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod