Severity: 9.8 CRITICAL
EPSS: 3.9% (top 11.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 24; Latest update Jan 4

Description

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorizati
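The description above is the whole bug: the client computes the custom header set once and replays it on every hop of the redirect chain, so a bearer token meant for the first host arrives at whatever host the `Location:` header names. The following is an added example, not code from curl or from this advisory. It models a redirect-following client with both policies side by side: the leaky one (same headers to every hop) and a hardened one that re-derives the header set per hop and drops credential-bearing headers when the origin changes, unless the caller opts in (modelled on curl's `CURLOPT_UNRESTRICTED_AUTH`). The origin comparison here covers scheme, host and port, which is stricter than a host-name-only check. The URLs, the response table and the `SENSITIVE_HEADERS` set are constructed for the example; the transport is in-memory, so nothing touches the network.

```python
"""Redirect following that does not replay credentials across origins.

Added example for CVE-2018-1000007; not curl's code. Response table,
hostnames and header names below are constructed for illustration.
"""
from urllib.parse import urljoin, urlsplit

# Headers that must never be copied onto a hop at a different origin.
# Assumption: this set is the example's own choice; extend it for any
# custom credential header an application adds (e.g. X-Api-Key).
SENSITIVE_HEADERS = {"authorization", "cookie"}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def origin(url):
    """(scheme, host, port) for an http(s) URL; the unit of trust here."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme in {url!r}")
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def leaky_headers_for_hop(first_url, hop_url, custom_headers, unrestricted_auth=False):
    """Pre-7.58.0 behaviour: the caller's header set goes to every hop."""
    return dict(custom_headers)


def headers_for_hop(first_url, hop_url, custom_headers, unrestricted_auth=False):
    """Hardened policy: strip credential headers on a cross-origin hop."""
    if unrestricted_auth or origin(hop_url) == origin(first_url):
        return dict(custom_headers)
    return {k: v for k, v in custom_headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow(transport, url, custom_headers, *, policy=headers_for_hop,
           unrestricted_auth=False, max_redirects=5):
    """Follow 3xx redirects. Returns (final_url, status, trace) where trace
    is the list of (url, headers_actually_sent) per hop."""
    first_url = url
    trace = []
    for _ in range(max_redirects + 1):
        headers = policy(first_url, url, custom_headers, unrestricted_auth)
        trace.append((url, headers))
        status, resp_headers = transport(url, headers)
        location = next((v for k, v in resp_headers.items() if k.lower() == "location"), None)
        if status in REDIRECT_CODES and location is not None:
            url = urljoin(url, location)  # Location may be relative
            continue
        return url, status, trace
    raise RuntimeError("too many redirects")


def hosts_that_saw(trace, header_name):
    """Which hosts received header_name on any hop (for logging/asserting)."""
    want = header_name.lower()
    return [urlsplit(u).hostname for u, h in trace if want in {k.lower() for k in h}]


# Constructed responses: an API that redirects a report download to a
# third-party CDN, and a same-origin relative redirect for contrast.
CONSTRUCTED_RESPONSES = {
    "https://api.example.com/v1/report": (302, {"Location": "https://cdn.example.net/report.pdf"}),
    "https://cdn.example.net/report.pdf": (200, {}),
    "https://api.example.com/v1/login": (303, {"Location": "/v1/home"}),
    "https://api.example.com/v1/home": (200, {}),
}


def fake_transport(url, headers):
    """In-memory stand-in for an HTTP client; ignores request headers."""
    return CONSTRUCTED_RESPONSES[url]


if __name__ == "__main__":
    auth = {"Authorization": "Bearer constructed-token", "X-Request-Id": "42"}
    for name, pol in (("leaky", leaky_headers_for_hop), ("hardened", headers_for_hop)):
        _, _, trace = follow(fake_transport, "https://api.example.com/v1/report", auth, policy=pol)
        print(name, "Authorization reached:", hosts_that_saw(trace, "Authorization"))
```

Run as a script it prints that the leaky policy delivers the token to both `api.example.com` and `cdn.example.net`, while the hardened policy stops it at the first host and still forwards the non-credential `X-Request-Id`. Same-origin redirects (including relative `Location:` values) keep the token on every hop, which is the behaviour applications usually rely on.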

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (12 packages)

NVD: fujitsu/m10-1_firmware < xcp2361+1
NVD: fujitsu/m10-4_firmware < xcp2361+1
NVD: fujitsu/m12-1_firmware < xcp2361+1
NVD: fujitsu/m12-2_firmware < xcp2361+1
NVD: fujitsu/m10-4s_firmware < xcp2361+1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.5

Patches

🔴 Vulnerability Details (5)

GHSA: GHSA-g7x2-hrfp-pv5f: libcurl 7 (2022-04-30)
GHSA: Unsafe HTTP Redirect in Puppet Agent and Puppet Server (2021-12-02)
OSV: curl vulnerabilities (2018-01-31)
OSV: CVE-2018-1000007: libcurl 7 (2018-01-24)
CVEList: CVE-2018-1000007: libcurl 7 (2018-01-24)

📋 Vendor Advisories (8)

Red Hat: puppet: unsafe HTTP redirect (2021-11-09)
Microsoft: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007 (2021-04-13)
Red Hat: wget: authorization header disclosure on redirect (2019-10-04)
Red Hat: gradle: sends authentication credentials originally destined for the configured host (2019-08-14)
Ubuntu: curl vulnerability (2018-02-01)

💬 Community (7)

HackerOne: Alt-Svc bypasses credential leak protection (CVE-2018-1000007) (2026-01-04)
Bugzilla: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host (2019-09-27)
Bugzilla: wget: HTTP authentication leak in redirects (2019-09-11)
Bugzilla: CVE-2018-1000007 mingw-curl: curl: HTTP authentication leak in redirects [epel-7] (2018-01-24)
Bugzilla: CVE-2018-1000007 curl: HTTP authentication leak in redirects [fedora-all] (2018-01-24)