Vigil@nce - cURL: headers sent to the proxy
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can capture headers sent by cURL to the proxy, in
order to obtain sensitive information.
– Impacted products: cURL, Debian, openSUSE, Shibboleth Service
Provider, Ubuntu
– Severity: 2/4
– Creation date: 29/04/2015
DESCRIPTION OF THE VULNERABILITY
The cURL product can be configured to use a proxy to reach remote
servers.
The "--header" option (or CURLOPT_HTTPHEADER) of cURL allows users
to define additional headers for the HTTP request. However, by
default, these headers are also sent to the proxy, even if the
session to the remote server uses TLS.
An attacker can therefore capture headers sent by cURL to the
proxy, in order to obtain sensitive information.
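To make the mechanism concrete, here is an added model (not cURL's code and not part of the bulletin) of the plaintext CONNECT request cURL sends to the proxy before the TLS tunnel exists, comparing libcurl's two header-handling modes, CURLHEADER_UNIFIED and CURLHEADER_SEPARATE with CURLOPT_PROXYHEADER; those option names are assumed from libcurl's API rather than taken from the bulletin, and the request format is simplified.

```python
"""Simplified model of which custom headers reach an HTTP proxy.

Added illustration, not cURL's own code. Assumes libcurl's CURLOPT_HEADEROPT
modes: CURLHEADER_UNIFIED sends the CURLOPT_HTTPHEADER list to both proxy and
origin server, CURLHEADER_SEPARATE sends it to the origin only and uses
CURLOPT_PROXYHEADER for the proxy. Real CONNECT requests carry a few more
fields (User-Agent, Proxy-Connection); they are omitted here.
"""

CURLHEADER_UNIFIED = "unified"
CURLHEADER_SEPARATE = "separate"

# Header names that should never be visible on the client-to-proxy hop.
SENSITIVE = {"authorization", "cookie", "proxy-authorization-not", "x-api-key"}


def build_connect_request(host, port, http_headers, proxy_headers=(),
                          headeropt=CURLHEADER_UNIFIED):
    """Return the CONNECT request text sent to the proxy in plaintext,
    i.e. before any TLS session with the origin server is established."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if headeropt == CURLHEADER_UNIFIED:
        # Vulnerable default described in the bulletin: the --header list
        # is copied into the CONNECT request as well.
        lines.extend(http_headers)
    else:
        # Hardened mode: only headers explicitly meant for the proxy go out.
        lines.extend(proxy_headers)
    return "\r\n".join(lines) + "\r\n\r\n"


def leaked_headers(connect_request):
    """Audit helper: names of sensitive headers present in a CONNECT request."""
    leaked = []
    for line in connect_request.split("\r\n")[1:]:
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() in SENSITIVE:
            leaked.append(name.strip())
    return leaked


if __name__ == "__main__":
    # Constructed sample: a bearer token intended for the origin server only.
    hdrs = ["Authorization: Bearer example-token", "Accept: application/json"]
    for mode in (CURLHEADER_UNIFIED, CURLHEADER_SEPARATE):
        req = build_connect_request("origin.example", 443, hdrs, headeropt=mode)
        print(mode, "-> leaked to proxy:", leaked_headers(req))
```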
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/cURL-headers-sent-to-the-proxy-16752