FreeBSD : cURL -- URL request injection vulnerability (caa98ffd-0a92-40d0-b234-fd79b429157e)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

cURL reports :

When libcurl sends a request to a server via a HTTP proxy, it copies
the entire URL into the request and sends it off. If the given URL
contains line feeds and carriage returns those will be sent along to
the proxy too, which allows the program to for example send a separate
HTTP request injected embedded in the URL. Many programs allow some
kind of external sources to set the URL or provide partial pieces for
the URL to ask for, and if the URL as received from the user is not
stripped good enough this flaw allows malicious users to do additional
requests in a way that was not intended, or just to insert request
headers into the request that the program didn't intend. We are not
aware of any exploit of this flaw.
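The advisory places the burden on the calling program: anything taken from an external source must be checked before it becomes part of the URL handed to libcurl. The following is an added example of such an application-side check (not code from cURL, Tenable or the FreeBSD port); it assumes the program assembles URLs from a trusted base plus externally supplied pieces.

```python
import re
from urllib.parse import urlsplit, urlunsplit, quote

# C0 control characters plus DEL. CR (0x0D) and LF (0x0A) are the characters
# the advisory describes; rejecting the other controls as well is an
# assumption made here, since none of them belong in an HTTP request line.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

def find_ctrl_chars(url):
    """List (offset, char) for every control character found in the raw URL."""
    return [(m.start(), m.group()) for m in _CTRL.finditer(url)]

def validate_url(url):
    """Return the URL unchanged if it is safe to hand to libcurl; raise otherwise.

    The control-character scan runs on the raw string before urlsplit(),
    because recent Python versions silently drop tab, CR and LF during
    parsing, which would hide exactly the characters we want to reject."""
    hits = find_ctrl_chars(url)
    if hits:
        where = ", ".join(f"{c!r}@{off}" for off, c in hits)
        raise ValueError(f"control character(s) in URL: {where}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"unsupported or incomplete URL: {url!r}")
    return url

def build_url(base, path_segment, query=None):
    """Attach an externally supplied path piece (and optional query values)
    to a trusted base URL, percent-encoding them so that CR/LF can only
    appear as %0D%0A, never as raw line breaks in the request line."""
    parts = urlsplit(base)
    path = parts.path.rstrip("/") + "/" + quote(path_segment, safe="")
    q = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                 for k, v in (query or {}).items())
    return validate_url(urlunsplit((parts.scheme, parts.netloc, path, q, "")))
```

Use `validate_url` on any complete URL received from outside, and `build_url` when the program itself composes the URL from parts; the sample inputs in the test below are constructed.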

See also :

http://curl.haxx.se/docs/adv_20150108B.html
http://www.nessus.org/u?dbb44612

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 80453

CVE ID: CVE-2014-8150
