5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
73.0%
cURL reports:
libcurl provides applications a way to set custom HTTP
headers to be sent to the server by using CURLOPT_HTTPHEADER.
A similar option is available for the curl command-line
tool with the ‘–header’ option.
When the connection passes through an HTTP proxy the
same set of headers is sent to the proxy as well by default.
While this is by design, it has not necessarily been clear
nor understood by application programmers.