Lucene search

[email protected]CVE-2015-3153

HistoryMay 01, 2015 - 3:59 p.m.

CVE-2015-3153

2015-05-0115:59:05

CWE-200

[email protected]

web.nvd.nist.gov

curl

libcurl

cve-2015-3153

security vulnerability

http headers

proxy server

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.1%

JSON

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Affected configurations

NVD

Node

oracleenterprise_manager_ops_centerRange≤12.1.3

oracleenterprise_manager_ops_centerMatch12.2.0

oracleenterprise_manager_ops_centerMatch12.2.1

oracleenterprise_manager_ops_centerMatch12.3.0

Node

haxxcurlRange≤7.42.0

haxxlibcurlRange≤7.42.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.1

Node

applemac_os_xMatch10.10.4

Node

debiandebian_linuxMatch8.0

CPENameOperatorVersion
oracle:enterprise_manager_ops_centeroracle enterprise manager ops centerle12.1.3
oracle:enterprise_manager_ops_centeroracle enterprise manager ops centereq12.2.0
oracle:enterprise_manager_ops_centeroracle enterprise manager ops centereq12.2.1
oracle:enterprise_manager_ops_centeroracle enterprise manager ops centereq12.3.0

CPE	Name	Operator	Version
oracle:enterprise_manager_ops_center	oracle enterprise manager ops center	le	12.1.3
oracle:enterprise_manager_ops_center	oracle enterprise manager ops center	eq	12.2.0
oracle:enterprise_manager_ops_center	oracle enterprise manager ops center	eq	12.2.1
oracle:enterprise_manager_ops_center	oracle enterprise manager ops center	eq	12.3.0