Описание
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 7.38.0-3ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 7.35.0-1ubuntu2.3 |
| lucid | released | 7.19.7-1ubuntu1.11 |
| precise | released | 7.22.0-3ubuntu4.12 |
| trusty | released | 7.35.0-1ubuntu2.3 |
| trusty/esm | not-affected | 7.35.0-1ubuntu2.3 |
| upstream | released | 7.38.0-4 |
| utopic | released | 7.37.1-1ubuntu3.2 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
ELSA-2015-2159: curl security, bug fix, and enhancement update (MODERATE)
EPSS
4.3 Medium
CVSS2