CVE-2018-1000007

MEDIUM

Description

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is a particular problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy-sensitive information or data that could allow others to impersonate the libcurl-using client's request.
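
The header forwarding described above can be modelled offline as a redirect walk that records which custom headers each hop receives. The following is an added example, not code from libcurl or from this advisory. The hostnames, token and redirect chain are constructed, and treating scheme, host and port together as "the same host" is an assumption of the example.

```python
from urllib.parse import urlsplit, urljoin

# Assumption: which custom headers count as credentials; extend as needed.
CREDENTIAL_HEADERS = {"authorization", "cookie"}
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def headers_for_hop(initial_url, hop_url, custom_headers):
    """Custom headers to send to hop_url: all of them on the initial
    origin, credential headers stripped everywhere else."""
    if origin(hop_url) == origin(initial_url):
        return dict(custom_headers)
    return {k: v for k, v in custom_headers.items()
            if k.lower() not in CREDENTIAL_HEADERS}

def plan_requests(initial_url, locations, custom_headers, forward_all=False):
    """Walk a redirect chain and return [(url, headers_sent)] per request.

    forward_all=True models the behaviour in the description (the same
    header set goes to every host); False applies the origin filter.
    """
    url, plan = initial_url, []
    for location in [None] + list(locations):
        if location is not None:
            url = urljoin(url, location)  # Location: may be relative
        if forward_all:
            sent = dict(custom_headers)
        else:
            sent = headers_for_hop(initial_url, url, custom_headers)
        plan.append((url, sent))
    return plan

def leaked_to(plan, initial_url):
    """Hosts outside the initial origin that received a credential header."""
    return [urlsplit(url).hostname for url, sent in plan
            if origin(url) != origin(initial_url)
            and any(k.lower() in CREDENTIAL_HEADERS for k in sent)]

# Constructed sample input (not taken from the advisory).
HEADERS = {"Authorization": "Bearer example-token", "X-Request-Id": "42"}
START = "https://api.example.test/v1/report"
CHAIN = ["/v1/report/latest", "https://cdn.thirdparty.test/report.pdf"]
```

Running `leaked_to` over a planned or logged redirect chain shows which third-party hosts would have seen the credential under each policy.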

References

http://www.securitytracker.com/id/1040274

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2018:3157

https://access.redhat.com/errata/RHSA-2018:3558

https://access.redhat.com/errata/RHSA-2019:1543

https://access.redhat.com/errata/RHSA-2020:0544

https://access.redhat.com/errata/RHSA-2020:0594

https://curl.haxx.se/docs/adv_2018-b3bf.html

https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html

https://usn.ubuntu.com/3554-1/

https://usn.ubuntu.com/3554-2/

https://www.debian.org/security/2018/dsa-4098

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2018-01-24

Updated: 2020-08-24

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 134066 | RHEL 7 : curl (RHSA-2020:0594) | Nessus | Red Hat Local Security Checks | high |
| 133787 | RHEL 7 : curl (RHSA-2020:0544) | Nessus | Red Hat Local Security Checks | high |
| 127212 | NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Multiple Vulnerabilities (NS-SA-2019-0039) | Nessus | NewStart CGSL Local Security Checks | high |
| 125003 | EulerOS Virtualization 3.0.1.0 : curl (EulerOS-SA-2019-1550) | Nessus | Huawei Local Security Checks | high |
| 124993 | EulerOS Virtualization for ARM 64 3.0.1.0 : curl (EulerOS-SA-2019-1540) | Nessus | Huawei Local Security Checks | critical |
| 123892 | EulerOS Virtualization 2.5.4 : curl (EulerOS-SA-2019-1206) | Nessus | Huawei Local Security Checks | medium |
| 123858 | EulerOS Virtualization 2.5.3 : curl (EulerOS-SA-2019-1172) | Nessus | Huawei Local Security Checks | medium |
| 121916 | Photon OS 2.0: Curl PHSA-2018-2.0-0016 | Nessus | PhotonOS Local Security Checks | high |
| 121808 | Photon OS 1.0: Curl PHSA-2018-1.0-0108 | Nessus | PhotonOS Local Security Checks | high |
| 121048 | Amazon Linux 2 : nss-pem (ALAS-2019-1139) | Nessus | Amazon Linux Local Security Checks | high |
| 120990 | EulerOS 2.0 SP5 : curl (EulerOS-SA-2019-1002) | Nessus | Huawei Local Security Checks | medium |
| 119916 | EulerOS 2.0 SP2 : curl (EulerOS-SA-2018-1427) | Nessus | Huawei Local Security Checks | medium |
| 119529 | EulerOS 2.0 SP3 : curl (EulerOS-SA-2018-1401) | Nessus | Huawei Local Security Checks | medium |
| 119180 | Scientific Linux Security Update : curl and nss-pem on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | high |
| 118996 | CentOS 7 : curl / nss-pem (CESA-2018:3157) | Nessus | CentOS Local Security Checks | high |
| 118775 | Oracle Linux 7 : curl / nss-pem (ELSA-2018-3157) | Nessus | Oracle Linux Local Security Checks | high |
| 118532 | RHEL 7 : curl and nss-pem (RHSA-2018:3157) | Nessus | Red Hat Local Security Checks | high |
| 111919 | Photon OS 1.0: Curl / Postgresql PHSA-2018-1.0-0108 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111286 | Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 109122 | Amazon Linux 2 : curl (ALAS-2018-951) | Nessus | Amazon Linux Local Security Checks | medium |
| 108925 | GLSA-201804-04 : cURL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 106930 | Amazon Linux AMI : curl (ALAS-2018-951) | Nessus | Amazon Linux Local Security Checks | medium |
| 106558 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : curl vulnerabilities (USN-3554-1) | Nessus | Ubuntu Local Security Checks | medium |
| 106517 | Fedora 26 : curl (2018-85655b12b6) | Nessus | Fedora Local Security Checks | medium |
| 106510 | Fedora 27 : curl (2018-241a5a2409) | Nessus | Fedora Local Security Checks | medium |
| 106464 | Debian DLA-1263-1 : curl security update | Nessus | Debian Local Security Checks | medium |
| 106435 | SUSE SLES11 Security Update : curl (SUSE-SU-2018:0230-1) | Nessus | SuSE Local Security Checks | medium |
| 106433 | openSUSE Security Update : curl (openSUSE-2018-98) | Nessus | SuSE Local Security Checks | medium |
| 106424 | FreeBSD : cURL -- Multiple vulnerabilities (0cbf0fa6-dcb7-469c-b87a-f94cffd94583) | Nessus | FreeBSD Local Security Checks | medium |
| 106412 | Debian DSA-4098-1 : curl - security update | Nessus | Debian Local Security Checks | medium |
| 106346 | SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0217-1) | Nessus | SuSE Local Security Checks | medium |
| 106309 | Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-024-01) | Nessus | Slackware Local Security Checks | medium |