5
CVE-2015-3153
- EPSS 7.54%
- Veröffentlicht 01.05.2015 15:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Enterprise Manager Ops Center Version <= 12.1.3
Oracle ≫ Enterprise Manager Ops Center Version12.2.0
Oracle ≫ Enterprise Manager Ops Center Version12.2.1
Oracle ≫ Enterprise Manager Ops Center Version12.3.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.10
Canonical ≫ Ubuntu Linux Version15.1
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.54% | 0.937 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
https://kc.mcafee.com/corporate/index?page=content&id=SB10131
http://www.ubuntu.com/usn/USN-2591-1
http://curl.haxx.se/docs/adv_20150429.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html
http://www.debian.org/security/2015/dsa-3240
http://www.securityfocus.com/bid/74408
http://www.securitytracker.com/id/1032233