CVE-2015-3153

2015-05-0115:59:00

Debian Security Bug Tracker

security-tracker.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

OSVersionArchitecturePackageVersionFilename
Debian12allcurl< 7.42.1-1curl_7.42.1-1_all.deb
Debian11allcurl< 7.42.1-1curl_7.42.1-1_all.deb
Debian10allcurl< 7.42.1-1curl_7.42.1-1_all.deb
Debian999allcurl< 7.42.1-1curl_7.42.1-1_all.deb
Debian13allcurl< 7.42.1-1curl_7.42.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	curl	< 7.42.1-1	curl_7.42.1-1_all.deb
Debian	11	all	curl	< 7.42.1-1	curl_7.42.1-1_all.deb
Debian	10	all	curl	< 7.42.1-1	curl_7.42.1-1_all.deb
Debian	999	all	curl	< 7.42.1-1	curl_7.42.1-1_all.deb
Debian	13	all	curl	< 7.42.1-1	curl_7.42.1-1_all.deb