CVE-2018-1000007 Information
Description
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests libcurl will send that set of headers first to the host in the initial URL but also if asked to follow redirects and a 30X HTTP response code is returned to the host mentioned in URL in the Location: response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom Authorization: headers as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client’s request.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securitytracker.com/id/1040274
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3157
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2020:0544
https://access.redhat.com/errata/RHSA-2020:0594
https://curl.haxx.se/docs/adv_2018-b3bf.html
https://curl.haxx.se/docs/adv_2018-b3bf.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html
[debian-lts-announce]
20180129
[SECURITY]
[DLA
1263-1]
curl
security
update
https://usn.ubuntu.com/3554-1/
https://usn.ubuntu.com/3554-2/
https://www.debian.org/security/2018/dsa-4098
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
libcurl
7.1
through
7.57.0
might
accidentally
leak
authentication
data
to
third
parties.
When
asked
to
send
custom
headers
in
its
HTTP
requests
libcurl
will
send
that
set
of
headers
first
to
the
host
in
the
initial
URL
but
also
if
asked
to
follow
redirects
and
a
30X
HTTP
response
code
is
returned
to
the
host
mentioned
in
URL
in
the
Location:
response
header
value.
Sending
the
same
set
of
headers
to
subsequent
hosts
is
in
particular
a
problem
for
applications
that
pass
on
custom
Authorization:
headers
as
this
header
often
contains
privacy
sensitive
information
or
data
that
could
allow
others
to
impersonate
the
libcurl-using
client’s
request.
cpe:2.3:a:haxx:curl::::::::
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: