Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
446
VMScore

CVE-2018-1000007

Published: 24/01/2018 Updated: 13/06/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Curl

Vulnerability Summary

libcurl 7.1 up to and including 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

haxx curl

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

fujitsu m10-1_firmware

fujitsu m10-4_firmware

fujitsu m10-4s_firmware

fujitsu m12-1_firmware

fujitsu m12-2_firmware

fujitsu m12-2s_firmware

Vendor Advisories

Debian CVElist Bug Report Logs: gradle: CVE-2019-15052
Debian Bug report logs - #941187 gradle: CVE-2019-15052 Package: src:gradle; Maintainer for src:gradle is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 26 Sep 2019 05:06:02 UTC Severity: important Tags: security, upstream Foun ...
Ubuntu Security Notice: curl vulnerability
curl could be made to expose sensitive information ...
Ubuntu Security Notice: curl vulnerabilities
Several security issues were fixed in curl ...
Debian Security Advisories: DSA-4098-1 curl -- security update
Two vulnerabilities were discovered in cURL, an URL transfer library CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers This issue doesn't affect the oldstable distribution (jessie) CVE-2018-1000007 Craig de Stigter discovered that authentication data might be leaked to thir ...
Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Topic An update for curl is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...
Red Hat: Moderate: httpd24 security, bug fix, and enhancement update
Synopsis Moderate: httpd24 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Moderate: curl security update
Synopsis Moderate: curl security update Type/Severity Security Advisory: Moderate Topic An update for curl is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Solutions ...
Red Hat: Moderate: curl and nss-pem security and bug fix update
Synopsis Moderate: curl and nss-pem security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for curl and nss-pem is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 Service Pack 2 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has ...
Amazon Linux AMI: ALAS-2018-951
Out-of-bounds read in code handling HTTP/2 trailers:libcurl contains an out bounds read in code handling HTTP/2 trailers It was reported (githubcom/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required The problem is that the code that creates HTTP/1-like h ...
Red Hat: CVE-2018-1000007
It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply This could leak authentication token to external entities ...
Amazon Linux 2: ALAS2-2018-951
HTTP authentication leak in redirectslibcurl might accidentally leak authentication data to third parties When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in ...
Amazon Linux 2: ALAS2-2019-1139
The nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate ...
Arch Linux Issues:
libcurl might leak authentication data to third parties When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value Sending th ...

Recent Articles

libcurl has had auth leak bug since 'the first commit we recorded'
The Register • Richard Chirgwin • 25 Jan 2018

Fixed in 7.58.0

If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak. This advisory says the library can leak authentication data to third parties because of how it handles custom headers in HTTP requests. “When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X H...

Read more...

References

NVD-CWE-noinfohttps://curl.haxx.se/docs/adv_2018-b3bf.htmlhttp://www.securitytracker.com/id/1040274https://www.debian.org/security/2018/dsa-4098https://lists.debian.org/debian-lts-announce/2018/01/msg00038.htmlhttps://usn.ubuntu.com/3554-2/https://usn.ubuntu.com/3554-1/https://access.redhat.com/errata/RHSA-2018:3157https://access.redhat.com/errata/RHSA-2018:3558https://access.redhat.com/errata/RHBA-2019:0327https://access.redhat.com/errata/RHSA-2019:1543https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://access.redhat.com/errata/RHSA-2020:0544https://access.redhat.com/errata/RHSA-2020:0594http://www.openwall.com/lists/oss-security/2022/04/27/4https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941187https://nvd.nist.govhttps://usn.ubuntu.com/3554-2/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook