Skip to main content

Enterprise Manager Ops Center CVE-2015-3153

MEDIUM
Information Exposure (CWE-200)
2015-05-01 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 01, 2015 - 15:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

AnalysisAI

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. Affected products include: Oracle Enterprise Manager Ops Center, Haxx Curl, Haxx Libcurl, Canonical Ubuntu Linux, Apple Mac Os X. Version information: before 7.42.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2014-0226 MEDIUM POC
6.8 Jul 20

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denia

CVE-2013-5704 MEDIUM POC
5.0 Apr 15

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directiv

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

CVE-2016-5387 HIGH
8.1 Jul 19

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from t

CVE-2019-5436 HIGH POC
7.8 May 28

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4

CVE-2021-3177 CRITICAL POC
9.8 Jan 19

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execu

CVE-2020-11984 CRITICAL POC
9.8 Aug 07

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8)

CVE-2019-3822 CRITICAL POC
9.8 Feb 06

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (

CVE-2018-1270 CRITICAL POC
9.8 Apr 06

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow app

CVE-2021-40438 CRITICAL POC
9.0 Sep 16

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.4

CVE-2021-29505 HIGH POC
8.8 May 28

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerabili

Share

CVE-2015-3153 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy