1. CVE-Search
  2. CVE-2018-1000007
ID CVE-2018-1000007
Summary libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
References
Vulnerable Configurations
  • cpe:2.3:a:haxx:curl:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.8:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.19.7-53:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.19.7-53:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.6:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.21.7:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:x86:*
    cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:x86:*
  • cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
  • cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:x86:*
    cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:x86:*
  • cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
    cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-1_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-1_firmware:xcp:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-1_firmware:xcp:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-1_firmware:xcp2280:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-1_firmware:xcp2280:*:*:*:*:*:*:*
  • cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
    cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4_firmware:xcp:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4_firmware:xcp:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4_firmware:xcp2280:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4_firmware:xcp2280:*:*:*:*:*:*:*
  • cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
    cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4s_firmware:xcp:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4s_firmware:xcp:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2280:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2280:*:*:*:*:*:*:*
  • cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
    cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-1_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
    cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*
    cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
    cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-1_firmware:xcp2361:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-1_firmware:xcp2361:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-1_firmware:xcp2400:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-1_firmware:xcp2400:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-1_firmware:xcp2410:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-1_firmware:xcp2410:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4_firmware:xcp2361:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4_firmware:xcp2361:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4_firmware:xcp2400:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4_firmware:xcp2400:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4_firmware:xcp2410:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4_firmware:xcp2410:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2361:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2361:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2400:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2400:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2410:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m10-4s_firmware:xcp2410:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-1_firmware:xcp2361:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-1_firmware:xcp2361:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-1_firmware:xcp2400:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-1_firmware:xcp2400:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-1_firmware:xcp2410:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-1_firmware:xcp2410:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2_firmware:xcp2361:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2_firmware:xcp2361:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2_firmware:xcp2400:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2_firmware:xcp2400:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2_firmware:xcp2410:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2_firmware:xcp2410:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2361:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2361:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2400:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2400:*:*:*:*:*:*:*
  • cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2410:*:*:*:*:*:*:*
    cpe:2.3:o:fujitsu:m12-2s_firmware:xcp2410:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-06-2022 - 19:10)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • rhsa
    id RHBA-2019:0327
  • rhsa
    id RHSA-2018:3157
  • rhsa
    id RHSA-2018:3558
  • rhsa
    id RHSA-2019:1543
  • rhsa
    id RHSA-2020:0544
  • rhsa
    id RHSA-2020:0594
rpms
  • curl-0:7.29.0-51.el7
  • curl-debuginfo-0:7.29.0-51.el7
  • libcurl-0:7.29.0-51.el7
  • libcurl-devel-0:7.29.0-51.el7
  • nss-pem-0:1.0.3-5.el7
  • nss-pem-debuginfo-0:1.0.3-5.el7
  • httpd24-curl-0:7.61.1-1.el6
  • httpd24-curl-0:7.61.1-1.el7
  • httpd24-curl-debuginfo-0:7.61.1-1.el6
  • httpd24-curl-debuginfo-0:7.61.1-1.el7
  • httpd24-httpd-0:2.4.34-7.el6
  • httpd24-httpd-0:2.4.34-7.el7
  • httpd24-httpd-debuginfo-0:2.4.34-7.el6
  • httpd24-httpd-debuginfo-0:2.4.34-7.el7
  • httpd24-httpd-devel-0:2.4.34-7.el6
  • httpd24-httpd-devel-0:2.4.34-7.el7
  • httpd24-httpd-manual-0:2.4.34-7.el6
  • httpd24-httpd-manual-0:2.4.34-7.el7
  • httpd24-httpd-tools-0:2.4.34-7.el6
  • httpd24-httpd-tools-0:2.4.34-7.el7
  • httpd24-libcurl-0:7.61.1-1.el6
  • httpd24-libcurl-0:7.61.1-1.el7
  • httpd24-libcurl-devel-0:7.61.1-1.el6
  • httpd24-libcurl-devel-0:7.61.1-1.el7
  • httpd24-libnghttp2-0:1.7.1-7.el6
  • httpd24-libnghttp2-0:1.7.1-7.el7
  • httpd24-libnghttp2-devel-0:1.7.1-7.el6
  • httpd24-libnghttp2-devel-0:1.7.1-7.el7
  • httpd24-mod_ldap-0:2.4.34-7.el6
  • httpd24-mod_ldap-0:2.4.34-7.el7
  • httpd24-mod_md-0:2.4.34-7.el7
  • httpd24-mod_proxy_html-1:2.4.34-7.el6
  • httpd24-mod_proxy_html-1:2.4.34-7.el7
  • httpd24-mod_session-0:2.4.34-7.el6
  • httpd24-mod_session-0:2.4.34-7.el7
  • httpd24-mod_ssl-1:2.4.34-7.el6
  • httpd24-mod_ssl-1:2.4.34-7.el7
  • httpd24-nghttp2-0:1.7.1-7.el6
  • httpd24-nghttp2-0:1.7.1-7.el7
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el6
  • httpd24-nghttp2-debuginfo-0:1.7.1-7.el7
  • curl-0:7.29.0-46.el7_5.1
  • curl-debuginfo-0:7.29.0-46.el7_5.1
  • libcurl-0:7.29.0-46.el7_5.1
  • libcurl-devel-0:7.29.0-46.el7_5.1
  • curl-0:7.29.0-42.el7_4.2
  • curl-debuginfo-0:7.29.0-42.el7_4.2
  • libcurl-0:7.29.0-42.el7_4.2
  • libcurl-devel-0:7.29.0-42.el7_4.2
refmap via4
confirm https://curl.haxx.se/docs/adv_2018-b3bf.html
debian DSA-4098
misc https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
mlist [debian-lts-announce] 20180129 [SECURITY] [DLA 1263-1] curl security update
sectrack 1040274
ubuntu
  • USN-3554-1
  • USN-3554-2
Last major update 13-06-2022 - 19:10
Published 24-01-2018 - 22:29
Last modified 13-06-2022 - 19:10
Back to Top