Vulnerabilities > CVE-2014-8150 - Remote Security Bypass vulnerability in cURL/libcURL

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
debian
haxx
canonical
nessus

Summary

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. <a href="http://cwe.mitre.org/data/definitions/93.html" target="_blank">CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>

Vulnerable Configurations

Part Description Count
OS
Debian
1
OS
Canonical
4
Application
Haxx
114

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2474-1.NASL
    descriptionAndrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id80826
    published2015-01-19
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80826
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : curl vulnerability (USN-2474-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2474-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80826);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/19 12:54:31");
    
      script_cve_id("CVE-2014-8150");
      script_bugtraq_id(71964);
      script_xref(name:"USN", value:"2474-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : curl vulnerability (USN-2474-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Andrey Labunets discovered that curl incorrectly handled certain URLs
    when using a proxy server. If a user or automated system were tricked
    into using a specially crafted URL, an attacker could possibly use
    this issue to inject arbitrary HTTP requests.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2474-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libcurl3, libcurl3-gnutls and / or libcurl3-nss
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurl3-nss");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 14.04 / 14.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libcurl3", pkgver:"7.19.7-1ubuntu1.11")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libcurl3-gnutls", pkgver:"7.19.7-1ubuntu1.11")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libcurl3", pkgver:"7.22.0-3ubuntu4.12")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libcurl3-gnutls", pkgver:"7.22.0-3ubuntu4.12")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libcurl3-nss", pkgver:"7.22.0-3ubuntu4.12")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libcurl3", pkgver:"7.35.0-1ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libcurl3-gnutls", pkgver:"7.35.0-1ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libcurl3-nss", pkgver:"7.35.0-1ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libcurl3", pkgver:"7.37.1-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libcurl3-gnutls", pkgver:"7.37.1-1ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"14.10", pkgname:"libcurl3-nss", pkgver:"7.37.1-1ubuntu3.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcurl3 / libcurl3-gnutls / libcurl3-nss");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3122.NASL
    descriptionAndrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in a way that was not intended, or insert additional request headers into the request.
    last seen2020-03-17
    modified2015-01-09
    plugin id80421
    published2015-01-09
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80421
    titleDebian DSA-3122-1 : curl - security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-0418.NASL
    description - reject CRLFs in URLs passed to proxy (CVE-2014-8150) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-01-12
    plugin id80450
    published2015-01-12
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80450
    titleFedora 20 : curl-7.32.0-18.fc20 (2015-0418)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2159.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id86934
    published2015-11-19
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86934
    titleRHEL 7 : curl (RHSA-2015:2159)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0107.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - require credentials to match for NTLM re-use (CVE-2015-3143) - close Negotiate connections when done (CVE-2015-3148) - reject CRLFs in URLs passed to proxy (CVE-2014-8150) - use only full matches for hosts used as IP address in cookies (CVE-2014-3613) - fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707) - fix manpage typos found using aspell (#1011101) - fix comments about loading CA certs with NSS in man pages (#1011083) - fix handling of DNS cache timeout while a transfer is in progress (#835898) - eliminate unnecessary inotify events on upload via file protocol (#883002) - use correct socket type in the examples (#997185) - do not crash if MD5 fingerprint is not provided by libssh2 (#1008178) - fix SIGSEGV of curl --retry when network is down (#1009455) - allow to use TLS 1.1 and TLS 1.2 (#1012136) - docs: update the links to cipher-suites supported by NSS (#1104160) - allow to use ECC ciphers if NSS implements them (#1058767) - make curl --trace-time print correct time (#1120196) - let tool call PR_Cleanup on exit if NSPR is used (#1146528) - ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747) - allow to enable/disable new AES cipher-suites (#1156422) - include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163) - disable libcurl-level downgrade to SSLv3 (#1154059) - do not force connection close after failed HEAD request (#1168137) - fix occasional SIGSEGV during SSL handshake (#1168668) - fix a connection failure when FTPS handle is reused (#1154663) - fix re-use of wrong HTTP NTLM connection (CVE-2014-0015) - fix connection re-use when using different log-in credentials (CVE-2014-0138) - fix authentication failure when server offers multiple auth options (#799557) - refresh expired cookie in test172 from upstream test-suite (#1069271) - fix a memory leak caused by write after close (#1078562) - nss: implement non-blocking SSL handshake (#1083742)
    last seen2020-06-01
    modified2020-06-02
    plugin id85148
    published2015-07-31
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85148
    titleOracleVM 3.3 : curl (OVMSA-2015-0107)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-47.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-47 (cURL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers and bug reports referenced for details. Impact : Remote attackers could conduct a Man-in-the-Middle attack to obtain sensitive information, cause a Denial of Service condition, or execute arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96644
    published2017-01-20
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96644
    titleGLSA-201701-47 : cURL: Multiple vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1549.NASL
    descriptionAccording to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply.(CVE-2018-1000121) - It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash, or an unspecified behavior.(CVE-2018-1000120) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8623) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8622) - It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.(CVE-2016-5419) - A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.(CVE-2017-1000257) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8624) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-8621) - A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage(CVE-2018-1000122) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2016-9586) - The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an
    last seen2020-06-01
    modified2020-06-02
    plugin id125002
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125002
    titleEulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1549)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1254.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id84912
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84912
    titleRHEL 6 : curl (RHSA-2015:1254)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CAA98FFD0A9240D0B234FD79B429157E.NASL
    descriptioncURL reports : When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. Many programs allow some kind of external sources to set the URL or provide partial pieces for the URL to ask for, and if the URL as received from the user is not stripped good enough this flaw allows malicious users to do additional requests in a way that was not intended, or just to insert request headers into the request that the program didn
    last seen2020-06-01
    modified2020-06-02
    plugin id80453
    published2015-01-12
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80453
    titleFreeBSD : cURL -- URL request injection vulnerability (caa98ffd-0a92-40d0-b234-fd79b429157e)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1254.NASL
    descriptionFrom Red Hat Security Advisory 2015:1254 : Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id85096
    published2015-07-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85096
    titleOracle Linux 6 : curl (ELSA-2015-1254)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-0415.NASL
    description - reject CRLFs in URLs passed to proxy (CVE-2014-8150) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-01-12
    plugin id80449
    published2015-01-12
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80449
    titleFedora 21 : curl-7.37.0-12.fc21 (2015-0415)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-477.NASL
    descriptionThe curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. (CVE-2014-3707) CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. (CVE-2014-8150)
    last seen2020-06-01
    modified2020-06-02
    plugin id81323
    published2015-02-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81323
    titleAmazon Linux AMI : curl (ALAS-2015-477)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6853.NASL
    descriptionUpdate to 7.42.0 which fixes various CVE
    last seen2020-06-05
    modified2015-05-05
    plugin id83237
    published2015-05-05
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83237
    titleFedora 21 : mingw-curl-7.42.0-1.fc21 (2015-6853)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-021.NASL
    descriptionUpdated curl packages fix security vulnerability : When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL (CVE-2014-8150).
    last seen2020-06-01
    modified2020-06-02
    plugin id80467
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80467
    titleMandriva Linux Security Advisory : curl (MDVSA-2015:021)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id85408
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85408
    titleMac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1254.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id85009
    published2015-07-28
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85009
    titleCentOS 6 : curl (CESA-2015:1254)
  • NASL familyMisc.
    NASL idASTERISK_AST_2015_002.NASL
    descriptionAccording to its SIP banner, the version of Asterisk running on the remote host is potentially affected by an HTTP request injection vulnerability due to a flaw within the included libcURL library in the
    last seen2020-06-01
    modified2020-06-02
    plugin id81257
    published2015-02-10
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81257
    titleAsterisk libcURL HTTP Request Injection (AST-2015-002)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150722_CURL_ON_SL6_X.NASL
    descriptionIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-03-18
    modified2015-08-04
    plugin id85191
    published2015-08-04
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85191
    titleScientific Linux Security Update : curl on SL6.x i386/x86_64 (20150722)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-125.NASL
    descriptionwas updated to version 7.40.0 to fix two security issues. These security issues were fixed : - CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allowed remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL (bnc#911363). - CVE-2014-3707: The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, did not properly copy HTTP POST data for an easy handle, which triggered an out-of-bounds read that allowed remote web servers to read sensitive memory information (bnc#901924). These non-security issues were fixed : - http_digest: Added support for Windows SSPI based authentication - version info: Added Kerberos V5 to the supported features - Makefile: Added VC targets for WinIDN - SSL: Add PEM format support for public key pinning - smtp: Added support for the conversion of Unix newlines during mail send - smb: Added initial support for the SMB/CIFS protocol - Added support for HTTP over unix domain sockets, - via CURLOPT_UNIX_SOCKET_PATH and --unix-socket - sasl: Added support for GSS-API based Kerberos V5 authentication
    last seen2020-06-05
    modified2015-02-11
    plugin id81287
    published2015-02-11
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81287
    titleopenSUSE Security Update : curl (openSUSE-2015-125)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-6864.NASL
    descriptionUpdate to 7.42.0 which fixes various CVE
    last seen2020-06-05
    modified2015-05-04
    plugin id83212
    published2015-05-04
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83212
    titleFedora 22 : mingw-curl-7.42.0-1.fc22 (2015-6864)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20151119_CURL_ON_SL7_X.NASL
    descriptionIt was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-03-18
    modified2015-12-22
    plugin id87554
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87554
    titleScientific Linux Security Update : curl on SL7.x x86_64 (20151119)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-2159.NASL
    descriptionUpdated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id87138
    published2015-12-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87138
    titleCentOS 7 : curl (CESA-2015:2159)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7656FC62A7A711E496BA001999F8D30B.NASL
    descriptionThe Asterisk project reports : CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.
    last seen2020-06-01
    modified2020-06-02
    plugin id81097
    published2015-01-30
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81097
    titleFreeBSD : asterisk -- Mitigation for libcURL HTTP request injection vulnerability (7656fc62-a7a7-11e4-96ba-001999f8d30b)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_CURL-201501-150113.NASL
    descriptionThis update fixes the following security issues : - URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. (CVE-2014-8150) If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. - duphandle read out of bounds. (bnc#901924). (CVE-2014-3707) - libcurl cookie leaks (bnc#894575) Additional bug fixed:. (CVE-2014-3613) - curl_multi_remove_handle: don
    last seen2020-06-01
    modified2020-06-02
    plugin id81121
    published2015-02-02
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81121
    titleSuSE 11.3 Security Update : curl (SAT Patch Number 10166)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0083-1.NASL
    descriptionThis update fixes the following security issues - CVE-2014-8150: URL request injection vulnerability (bnc#911363) - CVE-2014-3707: duphandle read out of bounds (bnc#901924) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83668
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83668
    titleSUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2015:0083-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-134.NASL
    descriptionAndrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in a way that was not intended, or insert additional request headers into the request. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82117
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82117
    titleDebian DLA-134-1 : curl security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-2159.NASL
    descriptionFrom Red Hat Security Advisory 2015:2159 : Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user
    last seen2020-06-01
    modified2020-06-02
    plugin id87028
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87028
    titleOracle Linux 7 : curl (ELSA-2015-2159)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-098.NASL
    descriptionUpdated curl packages fix security vulnerabilities : Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user (CVE-2014-0015). libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials (CVE-2014-0138). libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site (CVE-2014-0139). In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to access the site (CVE-2014-3613). In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain (CVE-2014-3620). Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence (CVE-2014-3707). When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL (CVE-2014-8150).
    last seen2020-06-01
    modified2020-06-02
    plugin id82351
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82351
    titleMandriva Linux Security Advisory : curl (MDVSA-2015:098)

Redhat

advisories
rhsa
idRHSA-2015:1254
rpms
  • curl-0:7.19.7-46.el6
  • curl-debuginfo-0:7.19.7-46.el6
  • libcurl-0:7.19.7-46.el6
  • libcurl-devel-0:7.19.7-46.el6
  • curl-0:7.29.0-25.el7
  • curl-debuginfo-0:7.29.0-25.el7
  • libcurl-0:7.29.0-25.el7
  • libcurl-devel-0:7.29.0-25.el7