CVE-2018-1000007

high-risk

Published 2018-01-24

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Do I need to act?

3.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Curl

Debian Linux

Ubuntu Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

M10-1 Firmware

M10-4 Firmware

M10-4S Firmware

M12-1 Firmware

M12-2 Firmware

M12-2S Firmware

Affected Vendors

Debian Redhat Fujitsu Canonical Haxx

References (28)

Mailing List http://www.openwall.com/lists/oss-security/2022/04/27/4

Third Party Advisory http://www.securitytracker.com/id/1040274

Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3157

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3558

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1543

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0544

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0594

Patch https://curl.haxx.se/docs/adv_2018-b3bf.html

Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html

Third Party Advisory https://usn.ubuntu.com/3554-1/

Third Party Advisory https://usn.ubuntu.com/3554-2/

Third Party Advisory https://www.debian.org/security/2018/dsa-4098

Patch https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Mailing List http://www.openwall.com/lists/oss-security/2022/04/27/4

Third Party Advisory http://www.securitytracker.com/id/1040274

Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3157

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3558

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1543

and 8 more references

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 7/34 · Low

Exposure 20/34 · Moderate