URL redirection in curl.haxx.se libcurl
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-8624 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
libcurl Universal components / Libraries / Libraries used by multiple products |
| Vendor | curl.haxx.se |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) URL redirection
EUVDB-ID: #VU1144
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-8624
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform phishing attacks.
The vulnerability is caused by an error when parsing URL. A remote attacker can supply a link with ending "#" character in hostname and cause libcurl client to redirect to a host, specified after the "#" character.
Exploit example:
http://example.com#@evilsite.com/1.txt
The above URL will force libcurl client to connect to evilsite.com hostname instead of example.com.
The vulnerability allows an attacker to perform phishing attacks by tricking victims to connect to untrusted host.
MitigationThe vulnerability is fixed in libcurl 7.51.0:
https://curl.haxx.se/CVE-2016-8625.patch
libcurl: 7.10.6 - 7.50.2
External linkshttp://curl.haxx.se/docs/adv_20161102J.html
http://www.vuxml.org/freebsd/765feb7d-a0d1-11e6-a881-b499baebfeaf.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
