Rapid7 Vulnerability & Exploit Database

Huawei EulerOS: CVE-2015-3153: curl security update

Back to Search

Huawei EulerOS: CVE-2015-3153: curl security update

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

05/01/2015

Created

12/19/2019

Added

12/18/2019

Modified

12/18/2019

Description

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Solution(s)

huawei-euleros-2_0_sp3-upgrade-curl
huawei-euleros-2_0_sp3-upgrade-libcurl
huawei-euleros-2_0_sp3-upgrade-libcurl-devel

References

https://attackerkb.com/topics/cve-2015-3153
APPLE-SA-2015-08-13-2
74408
CVE - 2015-3153
DSA-3240
Category I
V0061337
EulerOS-SA-2019-2566
2015-A-0199

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Huawei EulerOS: CVE-2015-3153: curl security update