CVE-2018-1000007

CVE-2018-1000007

Name

CVE-2018-1000007

Description

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://curl.haxx.se/docs/adv_2018-b3bf.html
Third Party Advisory	http://www.securitytracker.com/id/1040274
Third Party Advisory	https://www.debian.org/security/2018/dsa-4098
Mailing List	https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html
Third Party Advisory	https://usn.ubuntu.com/3554-2/
Third Party Advisory	https://usn.ubuntu.com/3554-1/
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3157
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3558
Third Party Advisory	https://access.redhat.com/errata/RHBA-2019:0327
REDHAT	https://access.redhat.com/errata/RHSA-2019:1543
MISC	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
REDHAT	https://access.redhat.com/errata/RHSA-2020:0544
REDHAT	https://access.redhat.com/errata/RHSA-2020:0594

Type

URI

Patch

https://curl.haxx.se/docs/adv_2018-b3bf.html

Third Party Advisory

http://www.securitytracker.com/id/1040274

Third Party Advisory

https://www.debian.org/security/2018/dsa-4098

Mailing List

https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html

Third Party Advisory

https://usn.ubuntu.com/3554-2/

Third Party Advisory

https://usn.ubuntu.com/3554-1/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3157

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3558

Third Party Advisory

https://access.redhat.com/errata/RHBA-2019:0327

REDHAT

https://access.redhat.com/errata/RHSA-2019:1543

MISC

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

REDHAT

https://access.redhat.com/errata/RHSA-2020:0544

REDHAT

https://access.redhat.com/errata/RHSA-2020:0594

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:haxx:curl::::::::`	curl	>= 7.1	<= 7.57.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

curl

>= 7.1

<= 7.57.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
curl	edge-main	7.57.0-r0	None	possibly vulnerable
curl	edge-main	7.56.1-r0	None	possibly vulnerable
curl	edge-main	7.55.0-r0	None	possibly vulnerable
curl	edge-main	7.54.0-r0	None	possibly vulnerable
curl	edge-main	7.53.1-r2	None	possibly vulnerable
curl	edge-main	7.53.0-r0	None	possibly vulnerable
curl	edge-main	7.52.1-r0	None	possibly vulnerable
curl	edge-main	7.51.0-r0	None	possibly vulnerable
curl	edge-main	7.50.3-r0	None	possibly vulnerable
curl	edge-main	7.50.2-r0	None	possibly vulnerable
curl	edge-main	7.50.1-r0	None	possibly vulnerable
curl	edge-main	7.36.0-r0	None	possibly vulnerable
curl	3.22-main	7.57.0-r0	None	possibly vulnerable
curl	3.22-main	7.56.1-r0	None	possibly vulnerable
curl	3.22-main	7.55.0-r0	None	possibly vulnerable
curl	3.22-main	7.54.0-r0	None	possibly vulnerable
curl	3.22-main	7.53.1-r2	None	possibly vulnerable
curl	3.22-main	7.53.0-r0	None	possibly vulnerable
curl	3.22-main	7.52.1-r0	None	possibly vulnerable
curl	3.22-main	7.51.0-r0	None	possibly vulnerable
curl	3.22-main	7.50.3-r0	None	possibly vulnerable
curl	3.22-main	7.50.2-r0	None	possibly vulnerable
curl	3.22-main	7.50.1-r0	None	possibly vulnerable
curl	3.22-main	7.36.0-r0	None	possibly vulnerable
curl	3.21-main	7.57.0-r0	None	possibly vulnerable
curl	3.21-main	7.56.1-r0	None	possibly vulnerable
curl	3.21-main	7.55.0-r0	None	possibly vulnerable
curl	3.21-main	7.54.0-r0	None	possibly vulnerable
curl	3.21-main	7.53.1-r2	None	possibly vulnerable
curl	3.21-main	7.53.0-r0	None	possibly vulnerable
curl	3.21-main	7.52.1-r0	None	possibly vulnerable
curl	3.21-main	7.51.0-r0	None	possibly vulnerable
curl	3.21-main	7.50.3-r0	None	possibly vulnerable
curl	3.21-main	7.50.2-r0	None	possibly vulnerable
curl	3.21-main	7.50.1-r0	None	possibly vulnerable
curl	3.21-main	7.36.0-r0	None	possibly vulnerable
curl	3.20-main	7.57.0-r0	None	possibly vulnerable
curl	3.20-main	7.56.1-r0	None	possibly vulnerable
curl	3.20-main	7.55.0-r0	None	possibly vulnerable
curl	3.20-main	7.54.0-r0	None	possibly vulnerable
curl	3.20-main	7.53.1-r2	None	possibly vulnerable
curl	3.20-main	7.53.0-r0	None	possibly vulnerable
curl	3.20-main	7.52.1-r0	None	possibly vulnerable
curl	3.20-main	7.51.0-r0	None	possibly vulnerable
curl	3.20-main	7.50.3-r0	None	possibly vulnerable
curl	3.20-main	7.50.2-r0	None	possibly vulnerable
curl	3.20-main	7.50.1-r0	None	possibly vulnerable
curl	3.20-main	7.36.0-r0	None	possibly vulnerable
curl	3.19-main	7.57.0-r0	None	possibly vulnerable
curl	3.19-main	7.56.1-r0	None	possibly vulnerable
curl	3.19-main	7.55.0-r0	None	possibly vulnerable
curl	3.19-main	7.54.0-r0	None	possibly vulnerable
curl	3.19-main	7.53.1-r2	None	possibly vulnerable
curl	3.19-main	7.53.0-r0	None	possibly vulnerable
curl	3.19-main	7.52.1-r0	None	possibly vulnerable
curl	3.19-main	7.51.0-r0	None	possibly vulnerable
curl	3.19-main	7.50.3-r0	None	possibly vulnerable
curl	3.19-main	7.50.2-r0	None	possibly vulnerable
curl	3.19-main	7.50.1-r0	None	possibly vulnerable
curl	3.19-main	7.36.0-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages