Vulnerability CVE-2015-3153: Information

Description

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-3153
Published: May 1, 2015
Modified: Oct. 17, 2018
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
curlsisyphus7.42.1-alt18.7.1-alt2ALT-PU-2015-1410-1143854Fixed
curlp107.42.1-alt18.7.1-alt2ALT-PU-2015-1410-1143854Fixed
curlp97.42.1-alt17.79.0-alt2ALT-PU-2015-1410-1143854Fixed
curlc10f17.42.1-alt18.6.0-alt1ALT-PU-2015-1410-1143854Fixed
curlc9f27.42.1-alt18.6.0-alt1ALT-PU-2015-1410-1143854Fixed
curlc77.56.1-alt1.M70C.1.17.56.1-alt1.M70C.1.1ALT-PU-2018-1442-1202075Fixed
curlp117.42.1-alt18.7.1-alt2ALT-PU-2015-1410-1143854Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://curl.haxx.se/docs/adv_20150429.html
  • Vendor Advisory
USN-2591-1
  • Third Party Advisory
DSA-3240
  • Third Party Advisory
1032233
  • Third Party Advisory
  • VDB Entry
APPLE-SA-2015-08-13-2
  • Mailing List
  • Third Party Advisory
https://support.apple.com/kb/HT205031
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
  • Patch
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  • Patch
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
    http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
      https://kc.mcafee.com/corporate/index?page=content&id=SB10131
        74408
          openSUSE-SU-2015:0861
            http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

                1. Configuration 1

                  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*
                  cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:*
                  End including
                  12.1.3
                  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*
                  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*

                  Configuration 2

                  cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
                  End including
                  7.42.0
                  cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
                  End including
                  7.42.0

                  Configuration 3

                  cpe:2.3:o:canonical:ubuntu_linux:15.1:*:*:*:*:*:*:*
                  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
                  cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
                  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

                  Configuration 4

                  cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*

                  Configuration 5

                  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.2
              Back to top