Remote Information Disclosure in cURL and libcurl by Curl
CVE-2015-3153

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 1 May 2015

Summary

cURL and libcurl versions before 7.42.1 are susceptible to a vulnerability that exposes sensitive information. In their default configuration, the tool and the library can inadvertently send custom HTTP headers to both the proxy and the destination server. This behavior may allow remote proxy servers to read the contents of these headers, potentially disclosing confidential information. Users of affected versions should review their configurations and apply the necessary updates to mitigate the risk.
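A defender-side check for the exposure described above, as an added example that is not code from curl or from this advisory: it inspects a captured proxy request and lists headers that the proxy has no need to see. It assumes the capture is the CONNECT request a client sends to an HTTP proxy when tunneling HTTPS; the allowlist, function names and sample requests are constructed for illustration.

```python
# Headers a proxy legitimately needs on CONNECT (assumed allowlist; tune per site).
PROXY_HEADERS = {"host", "user-agent", "proxy-authorization", "proxy-connection"}

def parse_request_head(raw: bytes):
    """Parse a raw HTTP request head into (method, target, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {request_line!r}")
    headers = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "name: value"
            headers.append((name.strip(), value.strip()))
    return parts[0], parts[1], headers

def headers_exposed_to_proxy(raw: bytes):
    """Names of headers on a CONNECT request that the proxy has no need to see."""
    method, _target, headers = parse_request_head(raw)
    if method.upper() != "CONNECT":
        return []  # not a tunnel setup request; outside the scope of this check
    return [name for name, _ in headers if name.lower() not in PROXY_HEADERS]

# Constructed sample: CONNECT that also carries the application's custom headers.
UNIFIED_CONNECT = (
    b"CONNECT api.example.com:443 HTTP/1.1\r\n"
    b"Host: api.example.com:443\r\n"
    b"User-Agent: example-client/1.0\r\n"
    b"Proxy-Connection: Keep-Alive\r\n"
    b"Authorization: Bearer CONSTRUCTED-TOKEN\r\n"
    b"X-Api-Key: CONSTRUCTED-KEY\r\n\r\n"
)
# Constructed sample: CONNECT where custom headers are kept for the origin only.
SEPARATE_CONNECT = (
    b"CONNECT api.example.com:443 HTTP/1.1\r\n"
    b"Host: api.example.com:443\r\n"
    b"User-Agent: example-client/1.0\r\n"
    b"Proxy-Connection: Keep-Alive\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("unified", UNIFIED_CONNECT), ("separate", SEPARATE_CONNECT)):
        print(label, headers_exposed_to_proxy(raw))
```

On the client side, libcurl keeps proxy-only headers apart through `CURLOPT_PROXYHEADER` with `CURLOPT_HEADEROPT` set to `CURLHEADER_SEPARATE`; the curl tool's equivalent is `--proxy-header`.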
