CVE-2014-8150

medium

Description

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

References

http://advisories.mageia.org/MGASA-2015-0020.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html

http://rhn.redhat.com/errata/RHSA-2015-1254.html

http://secunia.com/advisories/61925

http://secunia.com/advisories/62075

http://secunia.com/advisories/62361

https://kc.mcafee.com/corporate/index?page=content&id=SB10131

https://security.gentoo.org/glsa/201701-47

https://support.apple.com/kb/HT205031

http://www.debian.org/security/2015/dsa-3122

http://www.mandriva.com/security/advisories?name=MDVSA-2015:021

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securitytracker.com/id/1032768

http://www.ubuntu.com/usn/USN-2474-1

Details

Source: Mitre, NVD

Published: 2015-01-15

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium