| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3236 | 5.0 |
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
| CVE-2015-3153 | 5.0 |
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
|
17-10-2018 - 01:29 | 01-05-2015 - 15:59 | |
| CVE-2014-8150 | 4.3 |
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. <a href="http://cwe.mit
|
05-01-2018 - 02:29 | 15-01-2015 - 15:59 |