« List of all CVEs

CVE-2015-3153

Published: 5/1/2015 Last updated: 8/6/2024 Reserved: 4/10/2015

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (3)

conf-libcurl conf-mingw-w64-curl-i686 conf-mingw-w64-curl-x86_64

Products affected (1)

Product	Vendor	Version
n/a	n/a	WCD9380

References (28)