Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2014-8150

Description

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

- https://hackerone.com/reports/73242

- https://kc.mcafee.com/corporate/index?page=content&id=SB10131

Github

No PoCs found on GitHub currently.