Lucene search
UbuntuUSN-2474-1HistoryJan 15, 2015 - 12:00 a.m.
curl vulnerability
2015-01-1500:00:00
ubuntu.com
36
9.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
77.1%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
Andrey Labunets discovered that curl incorrectly handled certain URLs when
using a proxy server. If a user or automated system were tricked into using
a specially crafted URL, an attacker could possibly use this issue to
inject arbitrary HTTP requests.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | libcurl3 | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | curl | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | curl-udeb | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl3-dbg | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl3-gnutls | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl3-nss | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl3-udeb | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl4-gnutls-dev | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl4-nss-dev | < 7.37.1-1ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libcurl4-openssl-dev | < 7.37.1-1ubuntu3.2 | UNKNOWN |
References
Related
osv
osv
curl - security update
2015-01-15 00:00:00
curl - security update
2015-01-08 00:00:00
nessus
nessus
FreeBSD : asterisk -- Mitigation for libcURL HTTP request injection vulnerability (7656fc62-a7a7-11e4-96ba-001999f8d30b)
2015-01-30 00:00:00
Debian DSA-3122-1 : curl - security update
2015-01-09 00:00:00
Mandriva Linux Security Advisory : curl (MDVSA-2015:021)
2015-01-13 00:00:00
prion
prion
Crlf injection
2015-01-15 15:59:00
cve
cve
CVE-2014-8150
2015-01-15 15:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0020)
2022-01-28 00:00:00
Fedora Update for curl FEDORA-2015-0415
2015-01-12 00:00:00
Debian Security Advisory DSA 3122-1 (curl - security update)
2015-01-08 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:021 ] curl
2015-01-13 00:00:00
libCurl headers injection
2015-01-13 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
hackerone
hackerone
Internet Bug Bounty: libcurl: URL request injection
2014-12-25 00:00:00
freebsd
freebsd
cURL -- URL request injection vulnerability
2014-12-25 00:00:00
asterisk -- Mitigation for libcURL HTTP request injection vulnerability
2015-01-12 00:00:00
debiancve
debiancve
CVE-2014-8150
2015-01-15 15:59:00
fedora
fedora
[SECURITY] Fedora 21 Update: curl-7.37.0-12.fc21
2015-01-11 10:56:19
[SECURITY] Fedora 22 Update: asterisk-13.3.2-1.fc22
2015-07-21 08:17:44
[SECURITY] Fedora 20 Update: curl-7.32.0-18.fc20
2015-01-10 11:56:13
archlinux
archlinux
curl: url request injection
2015-01-18 00:00:00
mageia
mageia
Updated curl packages fix CVE-2014-8150
2015-01-09 19:44:12
debian
debian
[SECURITY] [DLA 134-1] curl security update
2015-01-15 21:10:23
[SECURITY] [DSA 3122-1] curl security update
2015-01-08 19:35:34
[SECURITY] [DSA 3122-1] curl security update
2015-01-08 19:35:34
ubuntucve
ubuntucve
CVE-2014-8150
2015-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Web Server HTTP Request URL Injection (CVE-2014-8150)
2016-08-28 00:00:00
ibm
ibm
amazon
amazon
Medium: curl
2015-02-11 19:36:00
f5
f5
redhat
redhat
(RHSA-2015:2159) Moderate: curl security, bug fix, and enhancement update
2015-11-19 14:41:12
(RHSA-2015:1254) Moderate: curl security, bug fix, and enhancement update
2015-07-22 05:29:46
oraclelinux
oraclelinux
curl security, bug fix, and enhancement update
2015-11-23 00:00:00
curl security, bug fix, and enhancement update
2015-07-28 00:00:00
veracode
veracode
CRLF Injection
2019-05-02 05:40:50
centos
centos
curl, libcurl security update
2015-07-26 14:12:23
curl, libcurl security update
2015-11-30 19:26:37
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
9.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
77.1%
Related for USN-2474-1