CVE-2018-1000007

CRITICAL

Description

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is a particular problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy-sensitive information or data that could allow others to impersonate the libcurl-using client's request.
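An application-side guard against the behaviour described above, as an added example (not libcurl's code and not taken from this advisory): before re-sending custom headers to a redirect target, compare the origin of the first URL with that of the redirect URL and withhold credential-bearing headers when they differ. The function names, the list of sensitive header names and the sample URLs are assumptions made for illustration; the redirect URL is assumed to be absolute, for example as read from `CURLINFO_REDIRECT_URL` with automatic redirect following switched off.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Write the lower-cased origin "scheme://host[:port]" (userinfo dropped) of an
   absolute URL into out. Returns 0 on success, -1 if it cannot be parsed. */
static int url_origin(const char *url, char *out, size_t outlen) {
    const char *sep = strstr(url, "://");
    if (!sep || sep == url) return -1;
    const char *auth = sep + 3, *end = auth + strcspn(auth, "/?#");
    for (const char *p = auth; p < end; p++) {
        if (*p == '\\') return -1;      /* read differently by different URL parsers */
        if (*p == '@') auth = p + 1;    /* the host starts after the last '@' */
    }
    size_t slen = (size_t)(sep - url), hlen = (size_t)(end - auth), n = 0;
    if (hlen == 0 || slen + 3 + hlen >= outlen) return -1;
    for (size_t i = 0; i < slen; i++) {
        if (!isalnum((unsigned char)url[i]) && !strchr("+-.", url[i])) return -1;
        out[n++] = (char)tolower((unsigned char)url[i]);
    }
    memcpy(out + n, "://", 3); n += 3;
    for (size_t i = 0; i < hlen; i++) out[n++] = (char)tolower((unsigned char)auth[i]);
    out[n] = '\0';
    return 0;
}

/* Case-insensitive check that header line s starts with the lower-case name. */
static int has_name(const char *s, const char *name) {
    for (; *name; s++, name++)
        if (tolower((unsigned char)*s) != *name) return 0;
    return 1;
}

/* Returns 1 if the custom header may be sent to redirect_url, else 0. Credential
   headers go only to the identical origin; unparseable URLs fail closed. */
int may_forward_header(const char *first_url, const char *redirect_url, const char *header) {
    char a[512], b[512];
    if (!has_name(header, "authorization:") && !has_name(header, "cookie:") &&
        !has_name(header, "proxy-authorization:")) return 1;
    if (url_origin(first_url, a, sizeof a) || url_origin(redirect_url, b, sizeof b)) return 0;
    return strcmp(a, b) == 0;
}

int main(void) {
    const char *hdr = "Authorization: Bearer CONSTRUCTED-TOKEN"; /* constructed sample */
    printf("%d\n", may_forward_header("https://api.example.com/v1", "https://cdn.example.net/v1", hdr));
    printf("%d\n", may_forward_header("https://api.example.com/v1", "https://API.example.com/v2", hdr));
    return 0;
}
```

The comparison is a plain string match on the origin, so `https://host` and `https://host:443` count as different and the header is withheld.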

References

http://www.securitytracker.com/id/1040274

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2018:3157

https://access.redhat.com/errata/RHSA-2018:3558

https://access.redhat.com/errata/RHSA-2019:1543

https://access.redhat.com/errata/RHSA-2020:0544

https://access.redhat.com/errata/RHSA-2020:0594

https://curl.haxx.se/docs/adv_2018-b3bf.html

https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html

https://usn.ubuntu.com/3554-1/

https://usn.ubuntu.com/3554-2/

https://www.debian.org/security/2018/dsa-4098

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2018-01-24

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (32 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 134066 | RHEL 7 : curl (RHSA-2020:0594) | Nessus | Red Hat Local Security Checks | critical |
| 133787 | RHEL 7 : curl (RHSA-2020:0544) | Nessus | Red Hat Local Security Checks | critical |
| 127212 | NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Multiple Vulnerabilities (NS-SA-2019-0039) | Nessus | NewStart CGSL Local Security Checks | critical |
| 125003 | EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550) | Nessus | Huawei Local Security Checks | critical |
| 124993 | EulerOS Virtualization for ARM 64 3.0.1.0 : curl (EulerOS-SA-2019-1540) | Nessus | Huawei Local Security Checks | critical |
| 123892 | EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1206) | Nessus | Huawei Local Security Checks | critical |
| 123858 | EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172) | Nessus | Huawei Local Security Checks | critical |
| 121916 | Photon OS 2.0: Curl PHSA-2018-2.0-0016 | Nessus | PhotonOS Local Security Checks | critical |
| 121808 | Photon OS 1.0: Curl PHSA-2018-1.0-0108 | Nessus | PhotonOS Local Security Checks | critical |
| 121048 | Amazon Linux 2 : nss-pem (ALAS-2019-1139) | Nessus | Amazon Linux Local Security Checks | critical |
| 120990 | EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002) | Nessus | Huawei Local Security Checks | critical |
| 119916 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427) | Nessus | Huawei Local Security Checks | critical |
| 119529 | EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1401) | Nessus | Huawei Local Security Checks | critical |
| 119180 | Scientific Linux Security Update : curl and nss-pem on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | critical |
| 118996 | CentOS 7 : curl / nss-pem (CESA-2018:3157) | Nessus | CentOS Local Security Checks | critical |
| 118775 | Oracle Linux 7 : curl / nss-pem (ELSA-2018-3157) | Nessus | Oracle Linux Local Security Checks | critical |
| 118532 | RHEL 7 : curl and nss-pem (RHSA-2018:3157) | Nessus | Red Hat Local Security Checks | critical |
| 111919 | Photon OS 1.0: Curl / Postgresql PHSA-2018-1.0-0108 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 111286 | Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated) | Nessus | PhotonOS Local Security Checks | critical |
| 109122 | Amazon Linux 2 : curl (ALAS-2018-951) | Nessus | Amazon Linux Local Security Checks | critical |
| 108925 | GLSA-201804-04 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 106930 | Amazon Linux AMI : curl (ALAS-2018-951) | Nessus | Amazon Linux Local Security Checks | critical |
| 106558 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : curl vulnerabilities (USN-3554-1) | Nessus | Ubuntu Local Security Checks | critical |
| 106517 | Fedora 26 : curl (2018-85655b12b6) | Nessus | Fedora Local Security Checks | critical |
| 106510 | Fedora 27 : curl (2018-241a5a2409) | Nessus | Fedora Local Security Checks | critical |
| 106464 | Debian DLA-1263-1 : curl security update | Nessus | Debian Local Security Checks | critical |
| 106435 | SUSE SLES11 Security Update : curl (SUSE-SU-2018:0230-1) | Nessus | SuSE Local Security Checks | critical |
| 106433 | openSUSE Security Update : curl (openSUSE-2018-98) | Nessus | SuSE Local Security Checks | critical |
| 106424 | FreeBSD : cURL -- Multiple vulnerabilities (0cbf0fa6-dcb7-469c-b87a-f94cffd94583) | Nessus | FreeBSD Local Security Checks | critical |
| 106412 | Debian DSA-4098-1 : curl - security update | Nessus | Debian Local Security Checks | critical |
| 106346 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0217-1) | Nessus | SuSE Local Security Checks | critical |
| 106309 | Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-024-01) | Nessus | Slackware Local Security Checks | critical |