Your submission was sent successfully! Close

CVE-2014-8150

Published: 8 January 2015

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Priority

Medium

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
lucid
Released (7.19.7-1ubuntu1.11)
precise
Released (7.22.0-3ubuntu4.12)
trusty
Released (7.35.0-1ubuntu2.3)
upstream
Released (7.38.0-4)
utopic
Released (7.37.1-1ubuntu3.2)