Docs Overview
Project
Bug Bounty Bug Report Code of conduct Dependencies Donate FAQ Features Governance History Install Known Bugs Logo TODO Web Site Info
Protocols
alt-svc CA Extract HSTS HTTP cookies HTTP/2 HTTP/3 MQTT SSL certs SSL libs compared URL syntax WebSocket
Releases
Changelog Release Table Security Problems Version Nums Vulnerabilities
Tool
Comparison Table curl man page HTTP Scripting mk-ca-bundle Tutorial
Who and Why
Companies Copyright Sponsors Thanks The name
curl / Docs / Security Problems / Proxy Authentication Header Information Leakage
Related:
Bug Bounty
Changelog
Donate
FAQ
Security Problems
Security Process
Vulnerabilities Table

Proxy Authentication Header Information Leakage

Project curl Security Advisory, August 3rd 2003 - Permalink

VULNERABILITY

When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server.

INFO

securityfocus.com referred to it as BID 8432

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-1605 to this issue.

CWE-201: Information Exposure Through Sent Data

AFFECTED VERSIONS

CREDITS

We have no recording of who reported this.