CVE-2015-3153

EPSS 8.4%

curl - security update

發布日:2015/5/1修改日:2026/4/28

描述

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

受影響套件(2)

Debian/curlfrom 0, < 7.42.1-1
Debian/curlfrom 0, < 7.38.0-4+deb8u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3153