#VU1144 URL redirection in libcurl
Vulnerability identifier: #VU1144
Vulnerability risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
libcurl
Universal components / Libraries /
Libraries used by multiple products
Vendor: curl.haxx.se
Description
The vulnerability allows a remote attacker to perform phishing attacks.
The vulnerability is caused by an error when parsing URL. A remote attacker can supply a link with ending "#" character in hostname and cause libcurl client to redirect to a host, specified after the "#" character.
Exploit example:
http://example.com#@evilsite.com/1.txt
The above URL will force libcurl client to connect to evilsite.com hostname instead of example.com.
The vulnerability allows an attacker to perform phishing attacks by tricking victims to connect to untrusted host.
Mitigation
The vulnerability is fixed in libcurl 7.51.0:
https://curl.haxx.se/CVE-2016-8625.patch
Vulnerable software versions
libcurl: 7.10.6 - 7.50.2
External links
http://curl.haxx.se/docs/adv_20161102J.html
http://www.vuxml.org/freebsd/765feb7d-a0d1-11e6-a881-b499baebfeaf.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
