{
  "schema_version": "1.5.0",
  "id": "CURL-CVE-2003-1605",
  "aliases": [
    "CVE-2003-1605"
  ],
  "summary": "Proxy Authentication Header Information Leakage",
  "modified": "2023-06-02T13:03:22.00Z",
  "database_specific": {
    "package": "curl",
    "affects": "both",
    "URL": "https://curl.se/docs/CVE-2003-1605.json",
    "www": "https://curl.se/docs/CVE-2003-1605.html",
    "CWE": {
      "id": "CWE-201",
      "desc": "Information Exposure Through Sent Data"
    },
    "last_affected": "7.10.6",
    "severity": "High"
  },
  "published": "2003-08-03T08:00:00.00Z",
  "affected": [
    {
      "ranges": [
        {
           "type": "SEMVER",
           "events": [
             {"introduced": "4.5"},
             {"fixed": "7.10.7"}
           ]
        },
        {
           "type": "GIT",
           "repo": "https://github.com/curl/curl.git",
           "events": [
             {"introduced": "ae1912cb0d494b48d514d937826c9fe83ec96c4d"},
             {"fixed": "5c2df3e1a4da7b17ae053ee8c4ecef5eb2d30464"}
           ]
        }
      ],
      "versions": [
        "7.10.6", "7.10.5", "7.10.4", "7.10.3", "7.10.2", "7.10.1", "7.10", 
        "7.9.8", "7.9.7", "7.9.6", "7.9.5", "7.9.4", "7.9.3", "7.9.2", 
        "7.9.1", "7.9", "7.8.1", "7.8", "7.7.3", "7.7.2", "7.7.1", 
        "7.7", "7.6.1", "7.6", "7.5.2", "7.5.1", "7.5", "7.4.2", 
        "7.4.1", "7.4", "7.3", "7.2.1", "7.2", "7.1.1", "7.1", 
        "6.5.2", "6.5.1", "6.5", "6.4", "6.3.1", "6.3", "6.2", 
        "6.1", "6.0", "5.11", "5.10", "5.9.1", "5.9", "5.8", 
        "5.7.1", "5.7", "5.5.1", "5.5", "5.4", "5.3", "5.2.1", 
        "5.2", "5.0", "4.10", "4.9", "4.8.4", "4.8.3", "4.8.2", 
        "4.8.1", "4.8", "4.7", "4.6", "4.5.1", "4.5"
      ]
    }
  ],
  "credits": [
    {
      "name": "unknown",
      "type": "FINDER"
    }
  ],
  "details": "When curl connected to a site via an HTTP proxy with the CONNECT request, the\nuser and password used for the proxy connection was also sent off to the\nremote server."
}