Vulnerability Description
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.1, <= 7.57.0 |
| Debian | Debian Linux | 7.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.4 |
| Redhat | Enterprise Linux Server Eus | 7.4 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Fujitsu | M10-1 Firmware | < xcp2361 |
| Fujitsu | M10-1 | - |
| Fujitsu | M10-4 Firmware | < xcp2361 |
| Fujitsu | M10-4 | - |
| Fujitsu | M10-4S Firmware | < xcp2361 |
| Fujitsu | M10-4S | - |
| Fujitsu | M12-1 Firmware | < xcp2361 |
| Fujitsu | M12-1 | - |
| Fujitsu | M12-2 Firmware | < xcp2361 |
| Fujitsu | M12-2 | - |
| Fujitsu | M12-2S Firmware | < xcp2361 |
| Fujitsu | M12-2S | - |
References
- http://www.openwall.com/lists/oss-security/2022/04/27/4Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1040274Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3157Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3558Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1543Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0544Third Party Advisory
- https://access.redhat.com/errata/RHSA-2020:0594Third Party Advisory
- https://curl.haxx.se/docs/adv_2018-b3bf.htmlPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/01/msg00038.htmlMailing ListThird Party Advisory
- https://usn.ubuntu.com/3554-1/Third Party Advisory
- https://usn.ubuntu.com/3554-2/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4098Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/04/27/4Mailing ListThird Party Advisory
FAQ
What is CVE-2018-1000007?
CVE-2018-1000007 is a vulnerability with a CVSS score of 9.8 (CRITICAL). libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host...
How severe is CVE-2018-1000007?
CVE-2018-1000007 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000007?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.