Information disclosure in Microsoft Windows and Windows Server



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-27776
CWE-ID CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Windows Server
Operating systems & Components / Operating system

Windows
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU62644

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27776

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hosts will make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.

The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Windows Server: 2003 - 2022 20H2

Windows: XP - 2000

CPE2.3 External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-27776


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###