exploitDog

CVE-2014-8150

Published: 08 Jan 2015
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.
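The effect of an embedded end-of-line sequence on a proxied request, and a pre-flight check an application can run before handing a URL to an HTTP client, shown as an added example that is not libcurl's code or its fix. The helper names, the fixed `Host` header and the `example.test` URLs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if url has no CR, LF or other control byte, else 0. */
int url_is_request_line_safe(const char *url)
{
    if (url == NULL || *url == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Simplified model of the absolute-form request a client sends to an HTTP
 * proxy (assumption: fixed Host header). Returns length, or -1 on overflow. */
int build_proxy_request(const char *url, char *out, size_t outlen)
{
    int n = snprintf(out, outlen,
                     "GET %s HTTP/1.1\r\nHost: example.test\r\n\r\n", url);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Same builder, but refuses URLs that would break out of the request line. */
int checked_proxy_request(const char *url, char *out, size_t outlen)
{
    return url_is_request_line_safe(url) ? build_proxy_request(url, out, outlen) : -1;
}

/* Counts CRLF-terminated lines before the blank line that ends the head. */
int count_head_lines(const char *req)
{
    int lines = 0;
    for (const char *eol; (eol = strstr(req, "\r\n")) && eol != req; req = eol + 2)
        lines++;
    return lines;
}

int main(void)
{
    char buf[256];
    const char *bad = "http://example.test/a\r\nX-Injected: 1"; /* constructed */
    build_proxy_request(bad, buf, sizeof buf);
    printf("unchecked head lines: %d\n", count_head_lines(buf));
    printf("checked result: %d\n", checked_proxy_request(bad, buf, sizeof buf));
    return 0;
}
```

A clean URL yields two head lines (request line and `Host`); the constructed URL yields three when unchecked, which is the extra line the proxy would parse as a header.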

Report

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 4 | curl | Will not fix | | |
| Red Hat Enterprise Linux 5 | curl | Will not fix | | |
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | inktank-1.2-curl | Will not fix | | |
| Red Hat Enterprise Linux 6 | curl | Fixed | RHSA-2015:1254 | 20.07.2015 |
| Red Hat Enterprise Linux 7 | curl | Fixed | RHSA-2015:2159 | 19.11.2015 |


Additional information

Status: Moderate
Defect: CWE-113
curl: URL request injection vulnerability in parseurlandfillconn(): https://bugzilla.redhat.com/show_bug.cgi?id=1178692

EPSS

Percentile: 84%
0.0215
Low

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 10 years ago

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

nvd
more than 10 years ago

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

debian
more than 10 years ago

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...

github
more than 3 years ago

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

oracle-oval
more than 9 years ago

ELSA-2015-2159: curl security, bug fix, and enhancement update (MODERATE)
