CURL-CVE-2003-1605

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2003-1605.html

Import Source

https://curl.se/docs/CURL-CVE-2003-1605.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2003-1605

Aliases

CVE-2003-1605

Published

2003-08-03T08:00:00Z

Modified

2026-05-27T01:45:20.787657898Z

Summary

Proxy Authentication Header Information Leakage

Details

When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server.

Database specific

{
    "CWE": {
        "id": "CWE-201",
        "desc": "Information Exposure Through Sent Data"
    },
    "www": "https://curl.se/docs/CVE-2003-1605.html",
    "package": "curl",
    "severity": "High",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2003-1605.json",
    "last_affected": "7.10.6"
}

References

Credits

- unknown - FINDER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

4.5

Fixed

7.10.7

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

ae1912cb0d494b48d514d937826c9fe83ec96c4d

Fixed

5c2df3e1a4da7b17ae053ee8c4ecef5eb2d30464

Affected versions

4.*

4.10

4.5

4.5.1

4.6

4.7

4.8

4.8.1

4.8.2

4.8.3

4.8.4

4.9

5.*

5.0

5.10

5.11

5.2

5.2.1

5.3

5.4

5.5

5.5.1

5.7

5.7.1

5.8

5.9

5.9.1

6.*

6.0

6.1

6.2

6.3

6.3.1

6.4

6.5

6.5.1

6.5.2

7.*

7.1

7.1.1

7.10

7.10.1

7.10.2

7.10.3

7.10.4

7.10.5

7.10.6

7.2

7.2.1

7.3

7.4

7.4.1

7.4.2

7.5

7.5.1

7.5.2

7.6

7.6.1

7.7

7.7.1

7.7.2

7.7.3

7.8

7.8.1

7.9

7.9.1

7.9.2

7.9.3

7.9.4

7.9.5

7.9.6

7.9.7

7.9.8

Other

before_urldata_rename

curl-6_5

curl-6_5_1

curl-6_5_2

curl-7_10

curl-7_10_1

curl-7_10_2

curl-7_10_3

curl-7_10_4

curl-7_10_5

curl-7_10_6

curl-7_1_1

curl-7_2

curl-7_3

curl-7_4_1

curl-7_5

curl-7_5_2

curl-7_6

curl-7_6-pre4

curl-7_6_1

curl-7_6_1-pre1

curl-7_6_1-pre2

curl-7_6_1-pre3

curl-7_7

curl-7_7-beta1

curl-7_7-beta2

curl-7_7-beta3

curl-7_7-beta5

curl-7_7_1

curl-7_7_2

curl-7_7_3

curl-7_7_alpha2

curl-7_8

curl-7_8-pre2

curl-7_8_1

curl-7_8_1-pre3

curl-7_9

curl-7_9_1

curl-7_9_2

curl-7_9_3

curl-7_9_3-pre1

curl-7_9_3-pre2

curl-7_9_3-pre3

curl-7_9_4

curl-7_9_5

curl-7_9_5-pre2

curl-7_9_5-pre4

curl-7_9_6

curl-7_9_7

curl-7_9_7-pre2

curl-7_9_8

curl_7_6-pre3

Database specific

source

"https://curl.se/docs/CURL-CVE-2003-1605.json"