The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-05-01T15:00:00

Updated: 2024-08-06T05:39:31.633Z

Reserved: 2015-04-10T00:00:00

Link: CVE-2015-3153

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-05-01T15:59:05.817

Modified: 2018-10-17T01:29:25.897

Link: CVE-2015-3153

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-04-29T00:00:00Z

Links: CVE-2015-3153 - Bugzilla