CVE-2015-3153: Infoleak
First published: Fri May 01 2015(Updated: )
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Enterprise Manager Ops Center | <=12.1.3 | |
| Oracle Enterprise Manager Ops Center | =12.2.0 | |
| Oracle Enterprise Manager Ops Center | =12.2.1 | |
| Oracle Enterprise Manager Ops Center | =12.3.0 | |
| curl | <=7.42.0 | |
| Haxx Libcurl | <=7.42.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =14.10 | |
| Canonical Ubuntu Linux | =15.1 | |
| Apple Mac OS X | =10.10.4 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://curl.haxx.se/docs/adv_20150429.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html
- http://www.debian.org/security/2015/dsa-3240
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/bid/74408
- http://www.securitytracker.com/id/1032233
- http://www.ubuntu.com/usn/USN-2591-1
- https://kc.mcafee.com/corporate/index?page=content&id=SB10131
- https://support.apple.com/kb/HT205031
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle enterprise manager ops center
- version/oracle enterprise manager ops center/12.1.3
- version/oracle enterprise manager ops center/12.2.0
- version/oracle enterprise manager ops center/12.2.1
- version/oracle enterprise manager ops center/12.3.0
- vendor/haxx
- canonical/curl
- version/curl/7.42.0
- canonical/haxx libcurl
- version/haxx libcurl/7.42.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/14.10
- version/canonical ubuntu linux/15.1
- vendor/apple
- canonical/apple mac os x
- version/apple mac os x/10.10.4
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0