CVE-2015-3153

Currently unrated

Key Information:

Vendor: Oracle
Status: Enterprise Manager Ops Center
Vendor: CVE Published:; 1 May 2015

Summary

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032233

vdb-entryx_refsource_SECTRACK

http://www.oracle.com/technetwork/topics/security/cpuoct2...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 1, 2015
Vulnerability Reserved
Apr 10, 2015