CURL-CVE-2003-1605
- Source
- https://curl.se/docs/CVE-2003-1605.html
- Import Source
- https://curl.se/docs/CURL-CVE-2003-1605.json
- JSON Data
- https://api.osv.dev/v1/vulns/CURL-CVE-2003-1605
- Aliases
- Published
- 2003-08-03T08:00:00Z
- Modified
- 2024-01-25T02:42:43.485907Z
- Summary
- Proxy Authentication Header Information Leakage
- Details
-
When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server.
- Database specific
{ "CWE": { "id": "CWE-201", "desc": "Information Exposure Through Sent Data" }, "URL": "https://curl.se/docs/CVE-2003-1605.json", "last_affected": "7.10.6", "package": "curl", "www": "https://curl.se/docs/CVE-2003-1605.html", "affects": "both", "severity": "High" }- References
-
- Credits
-
-
- unknown - FINDER
-
Affected packages
Git / github.com/curl/curl.git
Affected ranges
- Type
- SEMVER
- Events
-
Introduced4.5Fixed7.10.7
- Type
- GIT
- Repo
- https://github.com/curl/curl.git
- Events
Affected versions
4.*
4.10
4.5
4.5.1
4.6
4.7
4.8
4.8.1
4.8.2
4.8.3
4.8.4
4.9
5.*
5.0
5.10
5.11
5.2
5.2.1
5.3
5.4
5.5
5.5.1
5.7
5.7.1
5.8
5.9
5.9.1
6.*
6.0
6.1
6.2
6.3
6.3.1
6.4
6.5
6.5.1
6.5.2
7.*
7.1
7.1.1
7.10
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.2
7.2.1
7.3
7.4
7.4.1
7.4.2
7.5
7.5.1
7.5.2
7.6
7.6.1
7.7
7.7.1
7.7.2
7.7.3
7.8
7.8.1
7.9
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7
7.9.8