curl / Docs / curl CVEs / Proxy Authentication Header Information Leakage

CVE-2003-1605

Proxy Authentication Header Information Leakage

Project curl Security Advisory, August 3rd 2003 - Permalink

VULNERABILITY

When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server.

INFO

securityfocus.com referred to it as BID 8432

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-1605 to this issue.

CWE-201: Information Exposure Through Sent Data

Severity: High

AFFECTED VERSIONS

SOLUTION

TIMELINE

This was not reported using the regular means so we did not make a standard time line for this issue.

CREDITS

We have no recording of who reported this.