Details of VAR-201505-0084

ID

VAR-201505-0084

CVE

CVE-2015-3153

TITLE

cURL and libcurl Vulnerability in which important information is obtained in default settings

Trust: 0.8

sources: JVNDB: JVNDB-2015-002535

DESCRIPTION

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. cURL/libcURL is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Versions prior to cURL/libcURL 7.42.1 are vulnerable. Both Haxx curl and libcurl are products of the Swedish company Haxx. curl is a set of file transfer tools that use URL syntax to work on the command line. libcurl is a free, open source client-side URL transfer library. ============================================================================ Ubuntu Security Notice USN-2591-1 April 30, 2015 curl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143) Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144) Hanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. If a user or automated system were tricked into parsing a specially crafted cookie, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3145) Isaac Boukris discovered that when using Negotiate authenticated connections, curl could incorrectly authenticate the entire connection and not just specific HTTP requests. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2 Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4 Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5 Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2591-1 CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153 Package Information: https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2 https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14 . For the stable distribution (jessie), this problem has been fixed in version 7.38.0-4+deb8u2. For the testing distribution (stretch), this problem will be fixed in version 7.42.1-1. For the unstable distribution (sid), this problem has been fixed in version 7.42.1-1. We recommend that you upgrade your curl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVQRUAAAoJEK+lG9bN5XPL2EoP/R4lDm9GEKBSvQBeSGLn7y2Z GWY5olgtUd5s4/zJ+E+McGMyhYf6Fj2lnec/7SMT7Unk2nwZJb0G1Zi8STMu0FKV OGwqbZwMeac1rvR80U1vrTOmOTNFiu2xEGa4cGf7Pw4u+dOCtBDXSiKhAxGljfxf C6ooSfrMw1+UgHMuOcWqXkOO2bfbrm+vRlq8pAZMMhbMvbqUUeRaJ5T0+n2J8rXw bUOtjNXdJ2S64Ci+2VSNfvrIHoFzPVKFcUq/w3WwmXORtWVtrbKA07DoNknLNbvb OhYB4kqS3SmHzHvKoggBJ+CUFQatp8b8PwZwxoBuZTNG4BtUoXogAbATcWiNxlIJ 1+tw0uTtorUH8Shcg3twa6jAimiTyx2mrFXkcDTvkPWsiidvviaRjaKKh1vk6jQX PraF0+qqF0xFmeZiM4jMySF+O2PCdZVqTD6cdDOpvtCl+nnaHNTM9aOflJ2u/sy9 Mt7mFiEvOm56fKcwmmB8SQIc6jsvLSN86UELvBgxxUw5+Pg7QFnc25Ax01FcKNd5 FWWllwQHhvlWtWn/sj1nw8N1VnrzhG8TAn5pWccrwD5zbWT86/IgZVK2j1euase8 jbTEFetajJYE0XBeD0aXhGxO0h+0rp7pjHRlPbbREFQf5MqaB6LURPoSyCfWdxkN Tn26Gc16Uz/NwnNfmCxT =5rwp -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2015-3153 // JVNDB: JVNDB-2015-002535 // BID: 74408 // VULHUB: VHN-81114 // VULMON: CVE-2015-3153 // PACKETSTORM: 131699 // PACKETSTORM: 131691

AFFECTED PRODUCTS

vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.2.0	Trust: 1.6
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.3.0	Trust: 1.6
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.2.1	Trust: 1.6
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.10	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	haxx	model:	libcurl	scope:	lte	version:	7.42.0	Trust: 1.0
vendor:	haxx	model:	curl	scope:	lte	version:	7.42.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	lte	version:	12.1.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.1	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	eq	version:	(vivid)	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	12.04 lts	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	14.04 lts	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	14.10	Trust: 0.8
vendor:	haxx	model:	curl	scope:	lt	version:	7.42.1	Trust: 0.8
vendor:	haxx	model:	libcurl	scope:	lt	version:	7.42.1	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.4	Trust: 0.8
vendor:	oracle	model:	mysql	scope:	lte	version:	enterprise monitor 2.3.20	Trust: 0.8
vendor:	oracle	model:	mysql	scope:	lte	version:	enterprise monitor 3.0.22	Trust: 0.8
vendor:	oracle	model:	enterprise manager	scope:	lt	version:	grid control of enterprise manager ops center 12.1.4	Trust: 0.8
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	grid control of enterprise manager ops center 12.2.0	Trust: 0.8
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	grid control of enterprise manager ops center 12.2.1	Trust: 0.8
vendor:	oracle	model:	enterprise manager	scope:	eq	version:	grid control of enterprise manager ops center 12.3.0	Trust: 0.8
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.1.3	Trust: 0.6
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	11.1	Trust: 0.3
vendor:	mcafee	model:	agent	scope:	eq	version:	4.00.0200	Trust: 0.3
vendor:	mcafee	model:	agent	scope:	eq	version:	4.0.0.1421	Trust: 0.3
vendor:	mcafee	model:	agent	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.1.2.2	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.1.1.5	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.1.1.4	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.1.0.1	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.0.1.4	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.0.1.2	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.0.0.5	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.0.0.4	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.0	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 74408 // JVNDB: JVNDB-2015-002535 // CNNVD: CNNVD-201505-010 // NVD: CVE-2015-3153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3153
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3153
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-010
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81114
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3153
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3153
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81114
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81114 // VULMON: CVE-2015-3153 // JVNDB: JVNDB-2015-002535 // CNNVD: CNNVD-201505-010 // NVD: CVE-2015-3153

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-81114 // JVNDB: JVNDB-2015-002535 // NVD: CVE-2015-3153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-010

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201505-010

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002535

PATCH

title:	APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Trust: 0.8
title:	HT205031	url:	https://support.apple.com/en-us/HT205031	Trust: 0.8
title:	HT205031	url:	https://support.apple.com/ja-jp/HT205031	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - January 2016	url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2015	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Trust: 0.8
title:	sensitive HTTP server headers also sent to proxies	url:	http://curl.haxx.se/docs/adv_20150429.html	Trust: 0.8
title:	October 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2015_critical_patch_update	Trust: 0.8
title:	January 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/january_2016_critical_patch_update	Trust: 0.8
title:	USN-2591-1	url:	http://www.ubuntu.com/usn/USN-2591-1/	Trust: 0.8
title:	Debian Security Advisories: DSA-3240-1 curl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=51935098e184b5220edf32459f592b54	Trust: 0.1
title:	Red Hat: CVE-2015-3153	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3153	Trust: 0.1
title:	Ubuntu Security Notice: curl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2591-1	Trust: 0.1
title:	Apple: OS X Yosemite v10.10.5 and Security Update 2015-006	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=9834d0d73bf28fb80d3390930bafd906	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=63802a6c83b107c4e6e0c7f9241a66a8	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=744c19dc9f4f70ad58059bf8733ec9c1	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385	Trust: 0.1

sources: VULMON: CVE-2015-3153 // JVNDB: JVNDB-2015-002535

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3153	Trust: 3.1
db:	BID	id:	74408	Trust: 1.5
db:	JUNIPER	id:	JSA10743	Trust: 1.5
db:	MCAFEE	id:	SB10131	Trust: 1.5
db:	SECTRACK	id:	1032233	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002535	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-010	Trust: 0.7
db:	PACKETSTORM	id:	131691	Trust: 0.2
db:	VULHUB	id:	VHN-81114	Trust: 0.1
db:	VULMON	id:	CVE-2015-3153	Trust: 0.1
db:	PACKETSTORM	id:	131699	Trust: 0.1

sources: VULHUB: VHN-81114 // VULMON: CVE-2015-3153 // BID: 74408 // JVNDB: JVNDB-2015-002535 // PACKETSTORM: 131699 // PACKETSTORM: 131691 // CNNVD: CNNVD-201505-010 // NVD: CVE-2015-3153

REFERENCES

url:	http://www.ubuntu.com/usn/usn-2591-1	Trust: 1.9
url:	http://curl.haxx.se/docs/adv_20150429.html	Trust: 1.8
url:	http://www.debian.org/security/2015/dsa-3240	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Trust: 1.5
url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 1.5
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10131	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html	Trust: 1.2
url:	http://www.securityfocus.com/bid/74408	Trust: 1.2
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Trust: 1.2
url:	https://support.apple.com/kb/ht205031	Trust: 1.2
url:	http://www.securitytracker.com/id/1032233	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html	Trust: 1.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10743	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3153	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3153	Trust: 0.8
url:	http://curl.haxx.se/	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1217341	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10743&cat=sirt_1&actp=list	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=swg21903010	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21967448	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21957883	Trust: 0.3
url:	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21967789	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3153	Trust: 0.2
url:	http://www.debian.org/security/	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10743	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10131	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39036	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3153	Trust: 0.1
url:	https://usn.ubuntu.com/2591-1/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3143	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3144	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3145	Trust: 0.1
url:	http://www.debian.org/security/faq	Trust: 0.1

CREDITS

Martin Prpic

Trust: 0.3

sources: BID: 74408

SOURCES

db:	VULHUB	id:	VHN-81114
db:	VULMON	id:	CVE-2015-3153
db:	BID	id:	74408
db:	JVNDB	id:	JVNDB-2015-002535
db:	PACKETSTORM	id:	131699
db:	PACKETSTORM	id:	131691
db:	CNNVD	id:	CNNVD-201505-010
db:	NVD	id:	CVE-2015-3153

LAST UPDATE DATE

2024-08-14T12:56:50.572000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81114	date:	2018-10-17T00:00:00
db:	VULMON	id:	CVE-2015-3153	date:	2018-10-17T00:00:00
db:	BID	id:	74408	date:	2016-07-06T14:27:00
db:	JVNDB	id:	JVNDB-2015-002535	date:	2016-01-28T00:00:00
db:	CNNVD	id:	CNNVD-201505-010	date:	2015-05-08T00:00:00
db:	NVD	id:	CVE-2015-3153	date:	2018-10-17T01:29:25.897

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81114	date:	2015-05-01T00:00:00
db:	VULMON	id:	CVE-2015-3153	date:	2015-05-01T00:00:00
db:	BID	id:	74408	date:	2015-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-002535	date:	2015-05-07T00:00:00
db:	PACKETSTORM	id:	131699	date:	2015-04-30T15:48:24
db:	PACKETSTORM	id:	131691	date:	2015-04-30T15:45:42
db:	CNNVD	id:	CNNVD-201505-010	date:	2015-05-04T00:00:00
db:	NVD	id:	CVE-2015-3153	date:	2015-05-01T15:59:05.817