2482 matches found
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0990-1)
curl was updated to fix five security issues. The following vulnerabilities were fixed : - CVE-2015-3143: curl could re-use NTLM authenticated connections - CVE-2015-3144: curl could access memory out of bounds with zero length host names - CVE-2015-3145: curl cookie parser could access memory o...
Crlf injection
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...
CVE-2015-0733
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID...
Design/Logic Flaw
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909...
ColdFusion Version Scanner
This module attempts to identify various flavors of ColdFusion up to version 10 as well as the underlying OS. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ColdFusion Version Scanner',...
Potential CRLF injection attacks in mail and HTTP headers
More info at https://framework.zend.com/security/advisory/ZF2015-04...
openSUSE Security Update : curl (openSUSE-2015-356)
curl was updated to 7.42.1 to fix one security issue. The following vulnerability was fixed : - CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies bnc928533. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
DEBIAN-CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
Default configuration
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
CVE-2015-3153
Technical details for CVE-2015-3153 are not provided in the connected documents. Monitor for updates; the available material only includes the initial summary of impact without vendor/product specifics.
Ubuntu: Security Advisory (USN-2591-1)
The remote host is missing an update for the [...] SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu 14.04 LTS : curl vulnerabilities (USN-2591-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2591-1 advisory. Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143)...
USN-2591-1: curl vulnerabilities
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially...
CURL-CVE-2015-3153 sensitive HTTP server headers also sent to proxies
libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPT_HTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is sent to the prox...