Proxy Authentication Header Information Leakage
Project curl Security Advisory, August 3rd 2003 - Permalink
VULNERABILITY
When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server.
INFO
securityfocus.com referred to it as BID 8432
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-1605 to this issue.
CWE-201: Information Exposure Through Sent Data
AFFECTED VERSIONS
- Affected versions: curl 4.5 to and including curl 7.10.6
- Not affected versions: curl < 4.5 and curl >= 7.10.7
CREDITS
We have no recording of who reported this.
- Reported-by: unknown