An attacker could exploit these to extract user credentials, session tokens, or other information that would otherwise be protected by HTTP(S) redirects. An attacker could also inject fake HTTP(S) redirection responses that purport to come from other services, possibly tricking the user into thinking the attacker’s services are the target of the attack. Mitigating Factors: curl does not follow HTTP(S) redirects that have a Host header that does not match the real hostname.

CVE-2022-27775

An attacker could exploit these to cause curl to send requests to a different host than the one being requested, possibly tricking the user into thinking the attacker’s services are the target of the attack. Mitigating Factors: curl does not follow HTTP(S) redirects that have a Host header that does not match the real hostname.
CVE-2022-27801
An attacker could exploit these to cause curl to send requests with overly long headers, which may make it possible to extract private information or bypass authentication mechanisms, in violation of HTTP's security model. Mitigating Factors: curl limits request headers length by default and disables HEAD requests by default.

Timeline

Published on: 06/02/2022 14:15:00 UTC
Last modified on: 08/02/2022 03:15:00 UTC

References