CVE-2015-3153
curl - security update
EPSS 8.4%
Description
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
How to fix CVE-2015-3153
To remediate CVE-2015-3153, upgrade the affected package to a fixed version below.
- Debian/curl—upgrade to 7.42.1-1 or later
- Debian/curl—upgrade to 7.38.0-4+deb8u2 or later
Is CVE-2015-3153 being exploited?
Moderate: EPSS is 8.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/curl: from 0, < 7.42.1-1
- Debian/curl: from 0, < 7.38.0-4+deb8u2