#include "_doctype.html" #define FLAWNAME Proxy Authentication Header Information Leakage cURL - FLAWNAME #include "css.t" #include "manpage.t" #define CURL_DOCS #define CURL_URL docs/adv_20030803.html #include "_menu.html" #include "setup.t" WHERE3(Docs, "/docs/", Security, "/docs/security.html", FLAWNAME) TITLE(FLAWNAME) #include "adv-related-box.inc" SUBTITLE(Proxy Authentication Header Information Leakage)

Date:August 3, 2003
IDBID 8432
Affected versions7.1 to and including 7.10.6
Not affected versions7.10.7 and later

When curl connected to a site via an HTTP proxy with the CONNECT request, the user and password used for the proxy connection was also sent off to the remote server. #include "_footer.html"