Home CVE Database CVE-2014-8150

CVE-2014-8150

Description

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.CWE-93: CWE-93: Improper Neutralization of CRLF Sequences (\'CRLF Injection\')

Priority: Medium
CVSS v3: 0.0
Publish Date: Jan 15, 2015
Related ID: --
CVSS v2: 4.3
Modified Date: Jan 22, 2015

Find out more about CVE-2014-8150 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- --
Wind River Linux 9 Not Vulnerable -- -- --
Wind River Linux 8 Not Vulnerable -- -- --
Wind River Linux LTS 18 Not Vulnerable -- -- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Not Vulnerable -- -- --
VxWorks
VxWorks 7 Fixed -- webcli_curl-7.50.3.0 --
VxWorks 6.9 Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Investigate -- -- --
Linux 7 CGP Investigate -- -- --

Comments

libcurl

Live chat
Online