
Oren Souroujon

Rank: #49530 of 53,633
Total CVSS: 5
Vulnerabilities: 1
PT-2015-6080 · CVSS 5.0 · 2015-04-29
Curl · Libcurl · CVE-2015-3153
**Name of the Vulnerable Software and Affected Versions**

libcurl versions prior to 7.42.1

**Description**

Applications set custom HTTP headers with `CURLOPT_HTTPHEADER`. In the default configuration of affected libcurl versions the same header list is also sent to an HTTP proxy, so a remote proxy server can read the header contents. The exposure matters when the connection to the proxy starts in clear text with an HTTP CONNECT request, which is the case for HTTPS URLs fetched through a proxy or when the application explicitly asks for a proxy tunnel: the custom headers are copied onto that clear-text CONNECT request before the TLS tunnel to the destination exists. If an application sets a custom header with sensitive content, such as an authentication cookie, without changing the default, the proxy, and anyone listening on the path between the application and the proxy, can obtain those values.

**Recommendations**

Update to libcurl 7.42.1 or later, where the default was changed so that custom headers are sent only to the destination server. On versions from 7.37.0 up to 7.42.0, set `CURLOPT_HEADEROPT` to `CURLHEADER_SEPARATE` so that libcurl sends separate header lists to the proxy (`CURLOPT_PROXYHEADER`) and to the destination (`CURLOPT_HTTPHEADER`); the option does not exist before 7.37.0, so older versions must be updated. As a temporary workaround, avoid custom HTTP headers with sensitive content, or pass cookies through the `CURLOPT_COOKIE` option, which is only ever sent to the destination server.
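The following is an added example, not code from this advisory or from the curl project. It models, in plain Python sockets, the clear-text CONNECT request a libcurl client sends to an HTTP proxy under the two `CURLOPT_HEADEROPT` policies, runs it against an in-process mock proxy, and then applies the check a responder would run on a capture of the application-to-proxy hop: which sensitive headers arrived at the proxy. The header values, the proxy, the target host and the `SENSITIVE` name list are all constructed for the demonstration; the policy names mirror libcurl's `CURLHEADER_UNIFIED` and `CURLHEADER_SEPARATE` constants but the logic here is a model, not libcurl itself.

```python
import socket
import threading

# Names of libcurl's two CURLOPT_HEADEROPT policies; the string values are illustrative only.
CURLHEADER_UNIFIED = "unified"    # pre-7.42.1 default: one list goes to proxy and destination
CURLHEADER_SEPARATE = "separate"  # 7.42.1 default: CURLOPT_HTTPHEADER to the destination only,
                                  # CURLOPT_PROXYHEADER to the proxy only

# Constructed sample values; nothing here is a real credential.
APP_HEADERS = {"Cookie": "session=constructed-example", "X-Api-Key": "constructed-key"}
PROXY_HEADERS = {"Proxy-Connection": "Keep-Alive"}
SENSITIVE = {"cookie", "authorization", "x-api-key"}  # constructed watch-list for the check


def build_connect_request(target, app_headers, proxy_headers, headeropt):
    """Model the clear-text CONNECT sent to an HTTP proxy before the TLS tunnel exists.
    Under UNIFIED the application's custom headers are copied onto this request;
    under SEPARATE only the proxy-specific list is."""
    host, port = target
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    lines += [f"{k}: {v}" for k, v in proxy_headers.items()]
    if headeropt == CURLHEADER_UNIFIED:
        lines += [f"{k}: {v}" for k, v in app_headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def leaked_headers(raw_request):
    """Sorted names of sensitive headers present in a captured CONNECT request."""
    head = raw_request.decode(errors="replace").split("\r\n\r\n", 1)[0]
    names = [ln.split(":", 1)[0].strip().lower()
             for ln in head.split("\r\n")[1:] if ":" in ln]
    return sorted(n for n in names if n in SENSITIVE)


def run_through_mock_proxy(headeropt, target=("example.com", 443)):
    """Send the CONNECT over loopback to a one-shot mock proxy and return the bytes
    the proxy observed, which is also what an on-path listener would see."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = bytearray()

    def proxy():
        conn, _ = srv.accept()
        with conn:
            while b"\r\n\r\n" not in seen:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                seen.extend(chunk)
            conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")

    t = threading.Thread(target=proxy)
    t.start()
    with socket.create_connection(srv.getsockname()) as cli:
        cli.sendall(build_connect_request(target, APP_HEADERS, PROXY_HEADERS, headeropt))
        cli.recv(4096)  # the 200 reply; a real client would start TLS through the tunnel here
    t.join()
    srv.close()
    return bytes(seen)


if __name__ == "__main__":
    for opt in (CURLHEADER_UNIFIED, CURLHEADER_SEPARATE):
        print(opt, "-> sensitive headers seen by proxy:", leaked_headers(run_through_mock_proxy(opt)))
```

In real libcurl code the equivalent of the `separate` branch is `curl_easy_setopt(h, CURLOPT_HEADEROPT, CURLHEADER_SEPARATE)` together with a distinct list passed via `CURLOPT_PROXYHEADER` for anything the proxy itself needs; `leaked_headers` is the kind of check to run over a packet capture of the application-to-proxy hop when confirming whether a deployment is affected.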