FreeBSD : curl -- Automatic referer leaks credentials (b1194286-958e-11eb-9c34-080027f515ea)

medium Nessus Plugin ID 148519

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Daniel Stenberg reports :

libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

libcurl automatically sets the Referer: HTTP request header field in outgoing HTTP requests if the CURLOPT_AUTOREFERER option is set. With the curl tool, it is enabled with --referer ';auto'.

Solution

Update the affected package.

See Also

https://curl.se/docs/CVE-2021-22876.html

http://www.nessus.org/u?2c9a9850

Plugin Details

Severity: Medium

ID: 148519

File Name: freebsd_pkg_b1194286958e11eb9c34080027f515ea.nasl

Version: 1.3

Type: local

Published: 4/14/2021

Updated: 1/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-22876

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:curl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2021

Vulnerability Publication Date: 3/31/2021

Reference Information

CVE: CVE-2021-22876