Executive Summary

Informations
NameCVE-2015-3153First vendor Publication2015-05-01
VendorCveLast vendor Modification2018-10-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3153

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:29165
 
Oval ID: oval:org.mitre.oval:def:29165
Title: SUSE-SU-2015:0990-1 -- Security update for curl (moderate)
Description: curl was updated to fix five security issues. The following vulnerabilities were fixed: * CVE-2015-3143: curl could re-use NTML authenticateds connections * CVE-2015-3144: curl could access memory out of bounds with zero length host names * CVE-2015-3145: curl cookie parser could access memory out of boundary * CVE-2015-3148: curl could treat Negotiate as not connection-oriented * CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies
Family: unix Class: patch
Reference(s): SUSE-SU-2015:0990-1
CVE-2015-3143
CVE-2015-3144
CVE-2015-3145
CVE-2015-3148
CVE-2015-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
Product(s): curl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application118
Application119
Application4
Os1
Os4
Os1

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-08-20IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337

Nessus® Vulnerability Scanner

DateDescription
2015-08-17Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-06-04Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0990-1.nasl - Type : ACT_GATHER_INFO
2015-05-29Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0962-1.nasl - Type : ACT_GATHER_INFO
2015-05-27Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_27f742f603f411e5aab1d050996490d0.nasl - Type : ACT_GATHER_INFO
2015-05-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-356.nasl - Type : ACT_GATHER_INFO
2015-05-01Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2591-1.nasl - Type : ACT_GATHER_INFO
2015-04-30Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3240.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BID http://www.securityfocus.com/bid/74408
CONFIRM http://curl.haxx.se/docs/adv_20150429.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10131
https://support.apple.com/kb/HT205031
DEBIAN http://www.debian.org/security/2015/dsa-3240
SECTRACK http://www.securitytracker.com/id/1032233
SUSE http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html
UBUNTU http://www.ubuntu.com/usn/USN-2591-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
DateInformations
2019-09-25 01:07:05
  • Multiple Updates
2018-10-17 09:20:15
  • Multiple Updates
2018-05-25 12:06:12
  • Multiple Updates
2018-03-06 12:04:29
  • Multiple Updates
2017-01-03 09:23:17
  • Multiple Updates
2016-12-31 09:24:29
  • Multiple Updates
2016-12-08 09:23:42
  • Multiple Updates
2016-12-03 09:24:12
  • Multiple Updates
2016-10-15 09:24:41
  • Multiple Updates
2016-08-30 21:25:45
  • Multiple Updates
2016-06-29 00:56:20
  • Multiple Updates
2016-01-22 09:22:25
  • Multiple Updates
2015-10-23 09:23:48
  • Multiple Updates
2015-10-18 17:24:44
  • Multiple Updates
2015-08-19 00:24:12
  • Multiple Updates
2015-08-18 13:35:12
  • Multiple Updates
2015-08-18 09:20:04
  • Multiple Updates
2015-06-05 13:27:58
  • Multiple Updates
2015-05-30 13:27:38
  • Multiple Updates
2015-05-28 13:27:58
  • Multiple Updates
2015-05-19 21:30:53
  • Multiple Updates
2015-05-14 21:30:06
  • Multiple Updates
2015-05-14 13:28:19
  • Multiple Updates
2015-05-12 09:29:05
  • Multiple Updates
2015-05-04 21:27:27
  • Multiple Updates
2015-05-02 13:26:27
  • Multiple Updates
2015-05-01 21:37:09
  • First insertion