[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-8150Date: (C)2015-01-15   (M)2024-02-22


CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1032768
SECUNIA-61925
SECUNIA-62075
SECUNIA-62361
BID-71964
APPLE-SA-2015-08-13-2
DSA-3122
FEDORA-2015-0415
FEDORA-2015-0418
FEDORA-2015-6853
FEDORA-2015-6864
GLSA-201701-47
MDVSA-2015:021
RHSA-2015:1254
USN-2474-1
http://advisories.mageia.org/MGASA-2015-0020.html
http://curl.haxx.se/docs/adv_20150108B.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10131
https://support.apple.com/kb/HT205031
openSUSE-SU-2015:0248

CPE    119
cpe:/a:haxx:libcurl:7.24.0
cpe:/a:haxx:libcurl:7.20.1
cpe:/a:haxx:libcurl:7.4.1
cpe:/a:haxx:libcurl:7.4.2
...
OVAL    17
oval:org.secpod.oval:def:109325
oval:org.secpod.oval:def:702377
oval:org.secpod.oval:def:26640
oval:org.secpod.oval:def:204236
...

© SecPod Technologies