CVE Vulnerabilities

CVE-2014-8150

Published: Jan 15, 2015 | Modified: Jan 05, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Affected Software

Name Vendor Start Version End Version
Debian_linux Debian 7.0 (including) 7.0 (including)
Red Hat Enterprise Linux 6 RedHat curl-0:7.19.7-46.el6 *
Red Hat Enterprise Linux 7 RedHat curl-0:7.29.0-25.el7 *
Curl Ubuntu devel *
Curl Ubuntu lucid *
Curl Ubuntu precise *
Curl Ubuntu trusty *
Curl Ubuntu upstream *
Curl Ubuntu utopic *

References