Remote Information Disclosure in cURL and libcurl by Curl
CVE-2015-3153
Currently unrated
Summary
cURL and libcurl versions before 7.42.1 are susceptible to an information disclosure vulnerability. In their default configuration, they send custom HTTP headers to both the proxy and the destination server. This behavior may allow remote proxy servers to read the contents of these headers, potentially disclosing confidential information. Users of affected versions should review their configurations and apply the necessary updates to mitigate the risk.
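A way to check an installed build against the 7.42.1 threshold stated above, as an added example that is not part of the original advisory or the curl project's code. The function names are hypothetical and the sample banners are constructed to follow the first line of `curl --version` output.

```shell
#!/bin/sh
# Added example: classify a curl/libcurl build against CVE-2015-3153.
# Function names are hypothetical; sample banners below are constructed.

FIXED_VERSION="7.42.1"   # first fixed release, per the advisory

# Pull the libcurl version out of the first line of `curl --version`,
# e.g. "curl 7.40.0 (x86_64-pc-linux-gnu) libcurl/7.40.0 OpenSSL/1.0.1k".
libcurl_version() {
    printf '%s\n' "$1" | sed -n '1s|.*libcurl/\([0-9][0-9.]*\).*|\1|p'
}

# Return 0 if dotted version $1 is strictly lower than $2.
# Components are compared numerically, so 7.9 sorts below 7.42.1.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                           # versions are equal
}

# Print "affected <ver>", "fixed <ver>" or "unknown" for a version banner.
cve_2015_3153_status() {
    v=$(libcurl_version "$1")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "affected $v"
    else
        echo "fixed $v"
    fi
}

# Constructed sample banners, one per line.
while IFS= read -r banner; do
    printf '%-20s %s\n' "$(cve_2015_3153_status "$banner")" "$banner"
done <<'EOF'
curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 NSS/3.14 zlib/1.2.3
curl 7.42.0 (x86_64-pc-linux-gnu) libcurl/7.42.0 OpenSSL/1.0.1k zlib/1.2.8
curl 7.42.1 (x86_64-pc-linux-gnu) libcurl/7.42.1 OpenSSL/1.0.1k zlib/1.2.8
EOF
```

On a live host, pass the real banner with `cve_2015_3153_status "$(curl --version)"`. Applications that bundle their own libcurl report a different version than the system `curl` binary and need to be checked separately.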