CVE - CVE-2014-8150

CVE-ID
CVE-2014-8150	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://curl.haxx.se/docs/adv_20150108B.html CONFIRM:http://advisories.mageia.org/MGASA-2015-0020.html CONFIRM:https://support.apple.com/kb/HT205031 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10131 APPLE:APPLE-SA-2015-08-13-2 URL:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html DEBIAN:DSA-3122 URL:http://www.debian.org/security/2015/dsa-3122 FEDORA:FEDORA-2015-0415 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html FEDORA:FEDORA-2015-0418 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html FEDORA:FEDORA-2015-6853 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html FEDORA:FEDORA-2015-6864 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html GENTOO:GLSA-201701-47 URL:https://security.gentoo.org/glsa/201701-47 MANDRIVA:MDVSA-2015:021 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:021 REDHAT:RHSA-2015:1254 URL:http://rhn.redhat.com/errata/RHSA-2015-1254.html SUSE:openSUSE-SU-2015:0248 URL:http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html UBUNTU:USN-2474-1 URL:http://www.ubuntu.com/usn/USN-2474-1 BID:71964 URL:http://www.securityfocus.com/bid/71964 SECTRACK:1032768 URL:http://www.securitytracker.com/id/1032768 SECUNIA:61925 URL:http://secunia.com/advisories/61925 SECUNIA:62075 URL:http://secunia.com/advisories/62075 SECUNIA:62361 URL:http://secunia.com/advisories/62361
Assigning CNA
N/A
Date Entry Created
20141010	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20141010)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us