exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2018-1000007

Status Candidate

Overview

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Related Files

Red Hat Security Advisory 2020-0594-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0594-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
SHA-256 | 5800d93843f1ea719cdba522f0012e32a8772db15e37256fc66938007179eaea
Red Hat Security Advisory 2020-0544-01
Posted Feb 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0544-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
SHA-256 | b0a7cd24faf58381d9944e0f03bca872a110b57e09834c7814f9ff0b81d45b1b
Red Hat Security Advisory 2019-1543-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-14404, CVE-2019-0211
SHA-256 | 87a60175fe0e0dde7ae7865168e89fd3521aa1306210d2d9c8b32e05f763b1a9
Red Hat Security Advisory 2018-3558-01
Posted Nov 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3558-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include buffer overflow, bypass, denial of service, heap overflow, null pointer, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-15710, CVE-2017-15715, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007
SHA-256 | 4abdca181cc67933f360c5393ddadd7197a24c99bd7985727a9e00a4d0cad5b6
Red Hat Security Advisory 2018-3157-01
Posted Oct 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3157-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. The nss-pem package provides the PEM file reader for Network Security Services implemented as a PKCS#11 module. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
SHA-256 | b81eff821df514b10d996e77ee7ce54c386215c648e2332e32ff699524042d01
Gentoo Linux Security Advisory 201804-04
Posted Apr 8, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-4 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.59.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122
SHA-256 | 89e22b1684497025f308a16cf0042da9c12340b06f7abe3b8328b17a8dfbec68
Ubuntu Security Notice USN-3554-1
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3554-1 - It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-1000005, CVE-2018-1000007
SHA-256 | ee1405d654e5fc28965683ec21b5fffd34a6565643e1930d61b5f19285e4b446
Ubuntu Security Notice USN-3554-2
Posted Jan 31, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3554-2 - USN-3554-1 fixed vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1000007
SHA-256 | 334231f948d727c2ea5c2f9f47d2ce007628d5ce9684f64828ba1a5e91153af9
Debian Security Advisory 4098-1
Posted Jan 29, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4098-1 - Two vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-1000005, CVE-2018-1000007
SHA-256 | 376ed0f70b86b9d1733f4b3f86cbfbef6a864d40c5ef179cca6809993ca03119
Slackware Security Advisory - curl Updates
Posted Jan 25, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000005, CVE-2018-1000007
SHA-256 | 01398895828d54da7553fa2d879d56070ae60279ad62771f069aa0f67f9f9f3b
Page 1 of 1
Back1Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    13 Files
  • 7
    Dec 7th
    23 Files
  • 8
    Dec 8th
    19 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    11 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close