CVE-2014-8150
published 2015-01-15CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and…
PriorityP428medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
6.81%
93.2th percentile
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
Affected
124 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.38.0-4 (bookworm) | curl 7.38.0-4 (bookworm) |
| debian | debian_linux | — | — |
| haxx | curl | >= 0 < 7.38.0-4 | 7.38.0-4 |
| haxx | curl | >= 0 < 7.38.0-4 | 7.38.0-4 |
| haxx | curl | >= 0 < 7.38.0-4 | 7.38.0-4 |
| haxx | curl | >= 0 < 7.38.0-4 | 7.38.0-4 |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
| haxx | libcurl | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
curl vulnerability
vendor_ubuntu·2015-01-15
CVE-2014-8150 curl vulnerability
Title: curl vulnerability
Summary: curl could be tricked into adding arbitrary requests when following certain
URLs.
Andrey Labunets discovered that curl incorrectly handled certain URLs when
using a proxy server. If a user or automated system were tricked into using
a specially crafted URL, an attacker could possibly use this issue to
inject arbitrary HTTP requests.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
curl: URL request injection vulnerability in parseurlandfillconn()
vendor_redhat·2015-01-08·CVSS 4.3
CVE-2014-8150 [MEDIUM] CWE-113 curl: URL request injection vulnerability in parseurlandfillconn()
curl: URL request injection vulnerability in parseurlandfillconn()
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests.
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently plan
Debian
CVE-2014-8150: curl - CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when usin...
vendor_debian·2014·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150: curl - CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when usin...
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
Scope: local
bookworm: resolved (fixed in 7.38.0-4)
bullseye: resolved (fixed in 7.38.0-4)
forky: resolved (fixed in 7.38.0-4)
sid: resolved (fixed in 7.38.0-4)
trixie: resolved (fixed in 7.38.0-4)
Apple
CVE-2014-8150: OS X Yosemite v10.10.5 and Security Update 2015-006
vendor_apple·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple Security Update: About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
Product: OS X Yosemite v10.10.5 and Security Update 2015-006
CVE: CVE-2014-8150
Component: CVE-2014-8150
GHSA
GHSA-rhch-32f3-p669: CRLF injection vulnerability in libcurl 6
ghsa_unreviewed·2022-05-14
CVE-2014-8150 [MEDIUM] GHSA-rhch-32f3-p669: CRLF injection vulnerability in libcurl 6
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
OSV
CVE-2014-8150: CRLF injection vulnerability in libcurl 6
osv·2015-01-15·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150: CRLF injection vulnerability in libcurl 6
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
No detection rules found.
No public exploits indexed.
Bugzilla
asterisk: mitigation for libcURL HTTP request injection vulnerability (AST-2015-002)
bugzilla·2015-01-29·CVSS 4.3
CVE-2014-8150 [MEDIUM] asterisk: mitigation for libcURL HTTP request injection vulnerability (AST-2015-002)
asterisk: mitigation for libcURL HTTP request injection vulnerability (AST-2015-002)
CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.
Asterisk has been patched with a similar patch as libcURL was for CVE-2014-8150. This means that carriage return and linefeed characters are forbidden from being in HTTP URLs that will be passed to libc
Bugzilla
CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]
bugzilla·2015-01-08·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]
CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2014-8150 mingw-curl: curl: URL request injection vulnerability in parseurlandfillconn() [epel-7]
bugzilla·2015-01-08·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150 mingw-curl: curl: URL request injection vulnerability in parseurlandfillconn() [epel-7]
CVE-2014-8150 mingw-curl: curl: URL request injection vulnerability in parseurlandfillconn() [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for min
Bugzilla
CVE-2014-8150 mingw-curl: curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]
bugzilla·2015-01-08·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150 mingw-curl: curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]
CVE-2014-8150 mingw-curl: curl: URL request injection vulnerability in parseurlandfillconn() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
HackerOne
libcurl: URL request injection
hackerone·2015-01-08·CVSS 4.3
CVE-2014-8150 [MEDIUM] libcurl: URL request injection
libcurl: URL request injection
libcurl: URL request injection (CVE-2014-8150)
Bugzilla
CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
bugzilla·2015-01-05·CVSS 4.3
CVE-2014-8150 [MEDIUM] CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()
libcurl upstream reports:
"""
When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off.
If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.
Many programs allow some kind of external sources to set the URL or provide partial pieces for the URL to request, and if the URL (as received from the user) is not stripped good enough - this flaw allows malicious users to do additional requests in a way that was not intended, or to insert request headers into the request that the program didn't intend.
We are
http://advisories.mageia.org/MGASA-2015-0020.htmlhttp://curl.haxx.se/docs/adv_20150108B.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.htmlhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00040.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1254.htmlhttp://secunia.com/advisories/61925http://secunia.com/advisories/62075http://secunia.com/advisories/62361http://www.debian.org/security/2015/dsa-3122http://www.mandriva.com/security/advisories?name=MDVSA-2015:021http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/71964http://www.securitytracker.com/id/1032768http://www.ubuntu.com/usn/USN-2474-1https://kc.mcafee.com/corporate/index?page=content&id=SB10131https://security.gentoo.org/glsa/201701-47https://support.apple.com/kb/HT205031http://advisories.mageia.org/MGASA-2015-0020.htmlhttp://curl.haxx.se/docs/adv_20150108B.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.htmlhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00040.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1254.htmlhttp://secunia.com/advisories/61925http://secunia.com/advisories/62075http://secunia.com/advisories/62361http://www.debian.org/security/2015/dsa-3122http://www.mandriva.com/security/advisories?name=MDVSA-2015:021http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/71964http://www.securitytracker.com/id/1032768http://www.ubuntu.com/usn/USN-2474-1https://kc.mcafee.com/corporate/index?page=content&id=SB10131https://security.gentoo.org/glsa/201701-47https://support.apple.com/kb/HT205031
2015-01-15
Published