Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2014-8150

Medium

4.3/10

Summary

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References

Advisory
Issue

Advisory Timeline

Published Jan 15, 2015

Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2014-8150

Summary

CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS