阿里云漏洞库

cURL是一款命令行传输文件工具，支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP等协议。Libcurl为一个免费开源的,客户端url传输库。

cURL和libcurl默认配置会发送定制HTTP头字段信息到代理和目的服务器，允许远程代理服务器通过读取头内容获取敏感信息。

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞：
http://curl.haxx.se/docs/adv_20150429.html

参考链接
http://curl.haxx.se/docs/adv_20150429.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html
http://www.debian.org/security/2015/dsa-3240
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/74408
http://www.securitytracker.com/id/1032233
http://www.ubuntu.com/usn/USN-2591-1
https://kc.mcafee.com/corporate/index?page=content&id=SB10131
https://support.apple.com/kb/HT205031

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	haxx	curl	*		Up to (including) 7.42.0
	运行在以下环境
	应用	haxx	libcurl	*		Up to (including) 7.42.0
	运行在以下环境
	应用	oracle	enterprise_manager_ops_center	*		Up to (including) 12.1.3
	运行在以下环境
	应用	oracle	enterprise_manager_ops_center	12.2.0	-
	运行在以下环境
	应用	oracle	enterprise_manager_ops_center	12.2.1	-
	运行在以下环境
	应用	oracle	enterprise_manager_ops_center	12.3.0	-
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 7.42.1-1
	运行在以下环境
	系统	debian_10	curl	*		Up to (excluding) 7.42.1-1
	运行在以下环境
	系统	debian_11	curl	*		Up to (excluding) 7.42.1-1
	运行在以下环境
	系统	debian_12	curl	*		Up to (excluding) 7.42.1-1
	运行在以下环境
	系统	fedora_EPEL_7	mingw-curl	*		Up to (excluding) 7.47.0-1.el7
	运行在以下环境
	系统	suse_11_SP3	curl	*		Up to (excluding) 7.19.7-1.38.1
	运行在以下环境
	系统	suse_12	curl	*		Up to (excluding) 7.37.0-15.1

CWE-ID	漏洞类型
CWE-200	信息暴露