Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2014-8150
Last Modified 17 Aug 2015 09:59:53
Published 15 Jan 2015 10:59:06
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8150

Summary

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Debian Linux 7.0

Application

  • Haxx Libcurl 6.0

  • Haxx Libcurl 6.1

  • Haxx Libcurl 6.2

  • Haxx Libcurl 6.3

  • Haxx Libcurl 6.3.1

  • Haxx Libcurl 6.4

  • Haxx Libcurl 6.5

  • Haxx Libcurl 6.5.1

  • Haxx Libcurl 6.5.2

  • Haxx Libcurl 7.1

  • Haxx Libcurl 7.1.1

  • Haxx Libcurl 7.10

  • Haxx Libcurl 7.10.1

  • Haxx Libcurl 7.10.2

  • Haxx Libcurl 7.10.3

  • Haxx Libcurl 7.10.4

  • Haxx Libcurl 7.10.5

  • Haxx Libcurl 7.10.6

  • Haxx Libcurl 7.10.7

  • Haxx Libcurl 7.10.8

  • Haxx Libcurl 7.11.0

  • Haxx Libcurl 7.11.1

  • Haxx Libcurl 7.11.2

  • Haxx Libcurl 7.12.0

  • Haxx Libcurl 7.12.1

  • Haxx Libcurl 7.12.2

  • Haxx Libcurl 7.12.3

  • Haxx Libcurl 7.13.0

  • Haxx Libcurl 7.13.1

  • Haxx Libcurl 7.13.2

  • Haxx Libcurl 7.14.0

  • Haxx Libcurl 7.14.1

  • Haxx Libcurl 7.15.0

  • Haxx Libcurl 7.15.1

  • Haxx Libcurl 7.15.2

  • Haxx Libcurl 7.15.3

  • Haxx Libcurl 7.15.4

  • Haxx Libcurl 7.15.5

  • Haxx Libcurl 7.16.0

  • Haxx Libcurl 7.16.1

  • Haxx Libcurl 7.16.2

  • Haxx Libcurl 7.16.3

  • Haxx Libcurl 7.16.4

  • Haxx Libcurl 7.17.0

  • Haxx Libcurl 7.17.1

  • Haxx Libcurl 7.18.0

  • Haxx Libcurl 7.18.1

  • Haxx Libcurl 7.18.2

  • Haxx Libcurl 7.19.0

  • Haxx Libcurl 7.19.1

  • Haxx Libcurl 7.19.2

  • Haxx Libcurl 7.19.3

  • Haxx Libcurl 7.19.4

  • Haxx Libcurl 7.19.5

  • Haxx Libcurl 7.19.6

  • Haxx Libcurl 7.19.7

  • Haxx Libcurl 7.2

  • Haxx Libcurl 7.2.1

  • Haxx Libcurl 7.20.0

  • Haxx Libcurl 7.20.1

  • Haxx Libcurl 7.21.0

  • Haxx Libcurl 7.21.1

  • Haxx Libcurl 7.21.2

  • Haxx Libcurl 7.21.3

  • Haxx Libcurl 7.21.4

  • Haxx Libcurl 7.21.5

  • Haxx Libcurl 7.21.6

  • Haxx Libcurl 7.21.7

  • Haxx Libcurl 7.22.0

  • Haxx Libcurl 7.23.0

  • Haxx Libcurl 7.23.1

  • Haxx Libcurl 7.24.0

  • Haxx Libcurl 7.25.0

  • Haxx Libcurl 7.26.0

  • Haxx Libcurl 7.27.0

  • Haxx Libcurl 7.28.0

  • Haxx Libcurl 7.28.1

  • Haxx Libcurl 7.29.0

  • Haxx Libcurl 7.3

  • Haxx Libcurl 7.30.0

  • Haxx Libcurl 7.31.0

  • Haxx Libcurl 7.32.0

  • Haxx Libcurl 7.33.0

  • Haxx Libcurl 7.34.0

  • Haxx Libcurl 7.35.0

  • Haxx Libcurl 7.36.0

  • Haxx Libcurl 7.37.0

  • Haxx Libcurl 7.37.1

  • Haxx Libcurl 7.38.0

  • Haxx Libcurl 7.39

  • Haxx Libcurl 7.4

  • Haxx Libcurl 7.4.1

  • Haxx Libcurl 7.4.2

  • Haxx Libcurl 7.5

  • Haxx Libcurl 7.5.1

  • Haxx Libcurl 7.5.2

  • Haxx Libcurl 7.6

  • Haxx Libcurl 7.6.1

  • Haxx Libcurl 7.7

  • Haxx Libcurl 7.7.1

  • Haxx Libcurl 7.7.2

  • Haxx Libcurl 7.7.3

  • Haxx Libcurl 7.8

  • Haxx Libcurl 7.8.1

  • Haxx Libcurl 7.9

  • Haxx Libcurl 7.9.1

  • Haxx Libcurl 7.9.2

  • Haxx Libcurl 7.9.3

  • Haxx Libcurl 7.9.4

  • Haxx Libcurl 7.9.5

  • Haxx Libcurl 7.9.6

  • Haxx Libcurl 7.9.7

  • Haxx Libcurl 7.9.8


References

DEBIAN - DSA-3122

SECUNIA - 62075

SECUNIA - 61925

CONFIRM - http://curl.haxx.se/docs/adv_20150108B.html

SECUNIA - 62361

UBUNTU - USN-2474-1

SUSE - openSUSE-SU-2015:0248

MANDRIVA - MDVSA-2015:021

CONFIRM - http://advisories.mageia.org/MGASA-2015-0020.html

FEDORA - FEDORA-2015-0415

FEDORA - FEDORA-2015-0418

FEDORA - FEDORA-2015-6853

FEDORA - FEDORA-2015-6864

CONFIRM - https://support.apple.com/kb/HT205031

APPLE - APPLE-SA-2015-08-13-2


Last Updated: 27 May 2016 11:07:33