What is CVE-2015-3153?

CVE-2015-3153 is a vulnerability in Apple Mac_os_x, classified under Information Disclosure. Published 2015-05-01.

Is CVE-2015-3153 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Apple Mac_os_x

CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Vulnerability class: Information Disclosure

EPSS: 0.084 (92.5th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x — versions 10.10.4
Haxx Curl
Haxx Libcurl
Oracle Enterprise_manager_ops_center — versions 12.2.0, 12.2.1, 12.3.0
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
1032233 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
USN-2591-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
openSUSE-SU-2015:0861 (vendor-advisory, x_refsource_SUSE)
APPLE-SA-2015-08-13-2 (vendor-advisory, x_refsource_APPLE, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2015-3153?: CVE-2015-3153 is a vulnerability in Apple Mac_os_x, classified under Information Disclosure. Published 2015-05-01.
Is CVE-2015-3153 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.