CVE-2003-1605: curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.

PriorityP339high7.5CVSS 3.0

AVNACLPRNUINSUCHINAN

EPSS

0.38%

59.9th percentile

curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.

Affected

6 ranges

Vendor	Product	Version range	Fixed in
debian	curl	< curl 7.10.7-1 (bookworm)	curl 7.10.7-1 (bookworm)
haxx	curl	>= 0 < 7.10.7-1	7.10.7-1
haxx	curl	>= 0 < 7.10.7-1	7.10.7-1
haxx	curl	>= 0 < 7.10.7-1	7.10.7-1
haxx	curl	>= 0 < 7.10.7-1	7.10.7-1
haxx	curl	>= 7.1.0 < 7.10.7	7.10.7

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N

osv7.5HIGH

vendor_debian7.5HIGH

Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.