CVE-2018-1000007

EPSS 3.87% · P88 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-1000007

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Haxx libcurl 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

HAXX Haxx libcurl是瑞典HAXX公司的一个免费、开源的客户端URL传输库。该库支持FTP、FTPS、TFTP、HTTP等。 Haxx libcurl 7.1版本至7.57.0版本中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息或数据，冒充客户端请求。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-1000007

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-1000007

请登录查看更多情报信息。

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://curl.haxx.se/docs/adv_2018-b3bf.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id/1040274vdb-entryx_refsource_SECTRACK
https://www.debian.org/security/2018/dsa-4098vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/3554-2/vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3554-1/vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHBA-2019:0327vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3157vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3558vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0544vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1543vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0594vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018/01/msg00038.htmlmailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2022/04/27/4mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2018-1000007

Same Patch Batch · n/a · 2018-01-24 · 35 CVEs total

CVE-2018-5978		Facebook Style Php Ajax Chat Zechat SQL注入漏洞
CVE-2018-6018		Match Group Tinder iOS app和Tinder Android app 安全漏洞
CVE-2017-1000475		FreeSSHd 安全漏洞
CVE-2018-1000018		ovirt-hosted-engine-setup 信息泄露漏洞
CVE-2017-18075		Linux kernel 资源管理错误漏洞
CVE-2018-5969		Photography CMS 跨站请求伪造漏洞
CVE-2018-5972		Classified Ads CMS Quickad SQL注入漏洞
CVE-2018-5976		RSVP Invitation Online 跨站请求伪造漏洞
CVE-2018-5977		Affiligator Affiliate Webshop Management System SQL注入漏洞
CVE-2018-6017		Match Group Tinder iOS app和Tinder Android app 安全漏洞
CVE-2018-5979		Wchat Fully Responsive PHP AJAX Chat Script SQL注入漏洞
CVE-2018-5984		Joomla! Tumder SQL注入漏洞
CVE-2018-5985		Joomla! LiveCRM SaaS Cloud SQL注入漏洞
CVE-2018-5986		Easy Car Script SQL注入漏洞
CVE-2018-5988		Flexible Poll SQL注入漏洞
CVE-2018-6184		ZEIT Next.js 路径遍历漏洞
CVE-2018-6187		Artifex MuPDF 缓冲区错误漏洞
CVE-2018-6192		Artifex MuPDF 安全漏洞
CVE-2017-1000503		CloudBees Jenkins 竞争条件漏洞
CVE-2017-1000504		CloudBees Jenkins 竞争条件漏洞

Showing top 20 of 35 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-1000007

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-1000007

I. Basic Information for CVE-2018-1000007

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-1000007

III. Intelligence Information for CVE-2018-1000007

Same Patch Batch · n/a · 2018-01-24 · 35 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-1000007

Leave a comment