Launchpad CVE tracker

CVE 2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Related bugs and status

CVE-2014-8150 (Candidate) is related to these bugs:

Bug #1411353: URLs downloaded with cURL should be stripped of newlines

Summary				In	Importance	Status
	1411353	URLs downloaded with cURL should be stripped of newlines		Landscape Charm	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://curl.haxx.se/do...
DEBIAN: DSA-3122
SECUNIA: 61925
SECUNIA: 62075
SECUNIA: 62361
UBUNTU: USN-2474-1
SUSE: openSUSE-SU-2015:0248
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:021
FEDORA: FEDORA-2015-0415
FEDORA: FEDORA-2015-0418
FEDORA: FEDORA-2015-6853
FEDORA: FEDORA-2015-6864
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-08-13-2
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 71964
CONFIRM: http://kb.juniper.net/...
CONFIRM: https://kc.mcafee.com/...
GENTOO: GLSA-201701-47
SECTRACK: 1032768
REDHAT: RHSA-2015:1254

Launchpad.net

CVE 2014-8150

Related bugs and status

Related bugs

References