Executive Summary

Informations
NameCVE-2018-1000007First vendor Publication2018-01-24
VendorCveLast vendor Modification2019-06-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application134
Os4
Os3
Os1
Os1
Os1

Nessus® Vulnerability Scanner

DateDescription
2019-01-10Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2019-1139.nasl - Type : ACT_GATHER_INFO
2019-01-08Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2019-1002.nasl - Type : ACT_GATHER_INFO
2018-12-28Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1427.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1401.nasl - Type : ACT_GATHER_INFO
2018-11-16Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-3157.nasl - Type : ACT_GATHER_INFO
2018-08-17Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0108.nasl - Type : ACT_GATHER_INFO
2018-07-24Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0016.nasl - Type : ACT_GATHER_INFO
2018-04-18Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-951.nasl - Type : ACT_GATHER_INFO
2018-04-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201804-04.nasl - Type : ACT_GATHER_INFO
2018-02-22Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-951.nasl - Type : ACT_GATHER_INFO
2018-01-31Name : The remote Fedora host is missing a security update.
File : fedora_2018-241a5a2409.nasl - Type : ACT_GATHER_INFO
2018-01-31Name : The remote Fedora host is missing a security update.
File : fedora_2018-85655b12b6.nasl - Type : ACT_GATHER_INFO
2018-01-30Name : The remote Debian host is missing a security update.
File : debian_DLA-1263.nasl - Type : ACT_GATHER_INFO
2018-01-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4098.nasl - Type : ACT_GATHER_INFO
2018-01-29Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_0cbf0fa6dcb7469cb87af94cffd94583.nasl - Type : ACT_GATHER_INFO
2018-01-25Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-024-01.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM https://curl.haxx.se/docs/adv_2018-b3bf.html
DEBIAN https://www.debian.org/security/2018/dsa-4098
MLIST https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html
REDHAT https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3157
https://access.redhat.com/errata/RHSA-2018:3558
https://access.redhat.com/errata/RHSA-2019:1543
SECTRACK http://www.securitytracker.com/id/1040274
UBUNTU https://usn.ubuntu.com/3554-1/
https://usn.ubuntu.com/3554-2/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
DateInformations
2019-09-25 12:10:22
  • Multiple Updates
2019-06-19 05:19:22
  • Multiple Updates
2019-06-07 12:09:40
  • Multiple Updates
2019-04-26 17:19:10
  • Multiple Updates
2019-04-24 12:08:28
  • Multiple Updates
2019-03-26 00:18:52
  • Multiple Updates
2018-11-17 00:21:23
  • Multiple Updates
2018-11-13 17:19:24
  • Multiple Updates
2018-10-31 13:21:21
  • Multiple Updates
2018-05-25 12:08:23
  • Multiple Updates
2018-03-21 09:19:13
  • Multiple Updates
2018-03-16 09:19:10
  • Multiple Updates
2018-02-10 00:20:17
  • Multiple Updates
2018-02-05 13:21:38
  • Multiple Updates
2018-01-28 09:20:17
  • Multiple Updates
2018-01-26 09:22:25
  • Multiple Updates
2018-01-25 05:20:44
  • First insertion