CVE-2018-1000007
curl: HTTP authentication leak in redirects
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
libcurl, desde la versión 7.1 hasta la 7.57.0, podría filtrar accidentalmente datos de autenticación a terceros. Cuando se le solicita que envíe cabeceras personalizadas en sus peticiones HTTP, libcurl enviará primero ese conjunto de cabeceras al host en la URL inicial pero también, si se le pide que siga redirecciones y se devuelve un código de respuesta HTTP 30X al host mencionado en la URL en el valor de la cabecera de respuesta "Location:". El envío de la misma serie de cabeceras a hosts subsecuentes es un problema en particular para las aplicaciones que pasan cabeceras "Authorization:" personalizadas, ya que esta cabecera suele contener información sensible de privacidad o datos que podrían permitir que otros suplanten la petición del cliente que emplea libcurl.
It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-22 CVE Reserved
- 2018-01-24 CVE Published
- 2024-03-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/04/27/4 | Mailing List |
|
| http://www.securitytracker.com/id/1040274 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://curl.haxx.se/docs/adv_2018-b3bf.html | 2022-06-13 | |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | 2022-06-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2019:0327 | 2022-06-13 | |
| https://access.redhat.com/errata/RHSA-2018:3157 | 2022-06-13 | |
| https://access.redhat.com/errata/RHSA-2018:3558 | 2022-06-13 | |
| https://access.redhat.com/errata/RHSA-2019:1543 | 2022-06-13 | |
| https://access.redhat.com/errata/RHSA-2020:0544 | 2022-06-13 | |
| https://access.redhat.com/errata/RHSA-2020:0594 | 2022-06-13 | |
| https://usn.ubuntu.com/3554-1 | 2022-06-13 | |
| https://usn.ubuntu.com/3554-2 | 2022-06-13 | |
| https://www.debian.org/security/2018/dsa-4098 | 2022-06-13 | |
| https://access.redhat.com/security/cve/CVE-2018-1000007 | 2020-02-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1537125 | 2020-02-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fujitsu Search vendor "Fujitsu" | M10-1 Firmware Search vendor "Fujitsu" for product "M10-1 Firmware" | < xcp2361 Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp2361" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-1 Search vendor "Fujitsu" for product "M10-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4 Firmware Search vendor "Fujitsu" for product "M10-4 Firmware" | < xcp2361 Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp2361" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4 Search vendor "Fujitsu" for product "M10-4" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4s Firmware Search vendor "Fujitsu" for product "M10-4s Firmware" | < xcp2361 Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp2361" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4s Search vendor "Fujitsu" for product "M10-4s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-1 Firmware Search vendor "Fujitsu" for product "M12-1 Firmware" | < xcp2361 Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp2361" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-1 Search vendor "Fujitsu" for product "M12-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp2361 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp2361" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2s Firmware Search vendor "Fujitsu" for product "M12-2s Firmware" | < xcp2361 Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp2361" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2s Search vendor "Fujitsu" for product "M12-2s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-1 Firmware Search vendor "Fujitsu" for product "M10-1 Firmware" | < xcp3070 Search vendor "Fujitsu" for product "M10-1 Firmware" and version " < xcp3070" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-1 Search vendor "Fujitsu" for product "M10-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4 Firmware Search vendor "Fujitsu" for product "M10-4 Firmware" | < xcp3070 Search vendor "Fujitsu" for product "M10-4 Firmware" and version " < xcp3070" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4 Search vendor "Fujitsu" for product "M10-4" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M10-4s Firmware Search vendor "Fujitsu" for product "M10-4s Firmware" | < xcp3070 Search vendor "Fujitsu" for product "M10-4s Firmware" and version " < xcp3070" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M10-4s Search vendor "Fujitsu" for product "M10-4s" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-1 Firmware Search vendor "Fujitsu" for product "M12-1 Firmware" | < xcp3070 Search vendor "Fujitsu" for product "M12-1 Firmware" and version " < xcp3070" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-1 Search vendor "Fujitsu" for product "M12-1" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2 Firmware Search vendor "Fujitsu" for product "M12-2 Firmware" | < xcp3070 Search vendor "Fujitsu" for product "M12-2 Firmware" and version " < xcp3070" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2 Search vendor "Fujitsu" for product "M12-2" | - | - |
Safe
|
| Fujitsu Search vendor "Fujitsu" | M12-2s Firmware Search vendor "Fujitsu" for product "M12-2s Firmware" | < xcp3070 Search vendor "Fujitsu" for product "M12-2s Firmware" and version " < xcp3070" | - |
Affected
| in | Fujitsu Search vendor "Fujitsu" | M12-2s Search vendor "Fujitsu" for product "M12-2s" | - | - |
Safe
|
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | >= 7.1 <= 7.57.0 Search vendor "Haxx" for product "Curl" and version " >= 7.1 <= 7.57.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||