CVE-2018-1000007 : libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Published 2018-01-24 22:29:00

Updated 2022-06-13 19:10:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2018-1000007

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Fujitsu » M10-1 Firmware
Versions before (<) xcp2361
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M10-1 » Version: N/A
Fujitsu » M10-1 Firmware
Versions before (<) xcp3070
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M10-1 » Version: N/A
Fujitsu » M10-4 Firmware
Versions before (<) xcp3070
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M10-4 » Version: N/A
Fujitsu » M10-4 Firmware
Versions before (<) xcp2361
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M10-4 » Version: N/A
Fujitsu » M10-4s Firmware
Versions before (<) xcp3070
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M10-4s » Version: N/A
Fujitsu » M10-4s Firmware
Versions before (<) xcp2361
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M10-4s » Version: N/A
Fujitsu » M12-1 Firmware
Versions before (<) xcp2361
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M12-1 » Version: N/A
Fujitsu » M12-1 Firmware
Versions before (<) xcp3070
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M12-1 » Version: N/A
Fujitsu » M12-2 Firmware
Versions before (<) xcp2361
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M12-2 » Version: N/A
Fujitsu » M12-2 Firmware
Versions before (<) xcp3070
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M12-2 » Version: N/A
Fujitsu » M12-2s Firmware
Versions before (<) xcp3070
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M12-2s » Version: N/A
Fujitsu » M12-2s Firmware
Versions before (<) xcp2361
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fujitsu » M12-2s » Version: N/A
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Matching versions
Haxx » Curl
Versions from including (>=) 7.1 and up to, including, (<=) 7.57.0
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-1000007

EPSS FAQ

3.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1000007

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-1000007

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Page not found | Oracle
Patch;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHBA-2019:0327

RHBA-2019:0327 - Bug Fix Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://curl.haxx.se/docs/adv_2018-b3bf.html

curl - HTTP authentication leak in redirects - CVE-2018-1000007
Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html

[SECURITY] [DLA 1263-1] curl security update
Mailing List;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3157

RHSA-2018:3157 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1040274

cURL HTTP Redirect Processing May Let Remote Users Obtain Potentially Sensitive Information from Custom Authentication Headers - SecurityTracker
Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2018:3558

RHSA-2018:3558 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4098

Debian -- Security Information -- DSA-4098-1 curl
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0544

RHSA-2020:0544 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:1543

RHSA-2019:1543 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0594

RHSA-2020:0594 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3554-2/

USN-3554-2: curl vulnerability | Ubuntu security notices
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/27/4

oss-security - [SECURITY ADVISORY] curl auth/cookie leak on redirect
Mailing List;Third Party Advisory
https://usn.ubuntu.com/3554-1/

USN-3554-1: curl vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-1000007

Products affected by CVE-2018-1000007

Exploit prediction scoring system (EPSS) score for CVE-2018-1000007

CVSS scores for CVE-2018-1000007

References for CVE-2018-1000007