Home > Vulnerability Database > CVE-2014-8150

Mend.io Vulnerability Database

CVE-2014-8150

Date: January 15, 2015

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Language: C

Severity Score

3.7

Related Resources (29)

Url: http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html

Url: http://www.securityfocus.com/bid/71964

Url: https://security-tracker.debian.org/tracker/CVE-2014-8150

Url: https://kc.mcafee.com/corporate/index?page=content&id=SB10131

Url: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Url: https://support.apple.com/kb/HT205031

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html

Url: http://advisories.mageia.org/MGASA-2015-0020.html

Url: http://secunia.com/advisories/62361

Url: http://www.ubuntu.com/usn/USN-2474-1

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2015:021

Url: https://security.gentoo.org/glsa/201701-47

Url: http://www.debian.org/security/2015/dsa-3122

Url: http://curl.haxx.se/docs/adv_20150108B.html

Url: http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Url: http://secunia.com/advisories/61925

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-8150

Url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Url: http://rhn.redhat.com/errata/RHSA-2015-1254.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-8150

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html

Url: http://www.securitytracker.com/id/1032768

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html

Url: http://secunia.com/advisories/62075

Url: https://access.redhat.com/security/cve/CVE-2014-8150

Url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

Url: https://www.mend.io/vulnerability-database/CVE-2014-8150

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-8150

Date: January 15, 2015

Language: C

Severity Score

Related Resources (29)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?