CVE-2024-11053 Overview
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
Critical Impact
Leakage of the password stored for one host to a different host, triggered by an HTTP redirect whose target matches an incomplete .netrc entry. The curl project rates the severity Low: exploitation needs both an attacker-influenced redirect and a pre-existing .netrc entry for the redirect target that omits the password (or both login and password).
Affected Products
- haxx curl
- netapp ontap
- netapp ontap_select_deploy_administration_utility
Discovery Timeline
- 2024-12-11 - CVE CVE-2024-11053 published to NVD
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2024-11053
Vulnerability Analysis
The vulnerability resides in how curl resolves .netrc credentials for the new host after following an HTTP redirect. Without --location-trusted, curl is meant to send credentials only to the host they were stored for. If the redirect target has a .netrc entry that omits the password, or both login and password, the password (and, in the latter case, the login) obtained for the first host was reused for the redirect target and sent there.
Root Cause
The root cause is that fields missing from the redirect target's .netrc entry did not clear the values already in effect for the first host, so an incomplete entry inherited the previous host's password instead of yielding no credential.
Attack Vector
The attack vector is network-based. An attacker who can control the redirect issued by the first host, and who can receive traffic as the redirect target, obtains the password the client stored for the first host, provided the victim's .netrc already holds an incomplete entry for that target. Both conditions must hold, which is why practical exploitation is narrow.
# Reproduction outline: ~/.netrc holds a complete entry for first.example.com and an
# entry for second.example.com that omits the password (or both login and password)
curl --netrc -L http://first.example.com/
# first.example.com answers with a 3xx pointing at http://second.example.com/
# Affected curl (6.5 through 8.11.0) sends the password stored for 'first.example.com' to 'second.example.com'
Detection Methods for CVE-2024-11053
Indicators of Compromise
- Outbound curl requests to a redirect target that carry credentials stored for a different host
- Redirect chains in proxy or server logs where a 3xx from one host is followed by an authenticated request to another host
- .netrc files containing entries that omit the password, or both login and password
Detection Strategies
Correlate proxy or egress logs: the pattern to look for is a 3xx response from one host followed by a request to a different host that still carries credentials. Audit .netrc files on workstations, servers and CI images for incomplete entries, since they are the precondition for the leak, and inventory curl and libcurl versions in use (6.5 through 8.11.0 are affected). File-access auditing of .netrc (for example with auditd) adds context but does not by itself show a leak.
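The correlation described above, as an added example that is not part of the original page or of curl: a small detector run over constructed, proxy-style log lines. The log format (timestamp, client, method, URL, status, whether an Authorization header was present, and the Location header) and the sample lines are assumptions for the illustration; adapt the regular expression to the real log source.

```python
"""
Flag redirects that carried credentials across hosts.

Added example, not from the original page or from curl. The line format and
the SAMPLE_LOG lines are constructed: each line records a client request, its
status, whether it carried an Authorization header, and the Location header
of the response ("-" when absent).
"""
import re
from urllib.parse import urlparse

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) auth=(?P<auth>yes|no) location=(?P<location>\S+)$"
)

# Constructed sample: a cross-host redirect with credentials (suspicious),
# a same-host redirect (benign) and a cross-host redirect without credentials.
SAMPLE_LOG = """\
2024-12-11T10:00:00Z 10.0.0.5 GET http://first.example.com/download 302 auth=yes location=http://second.example.com/download
2024-12-11T10:00:01Z 10.0.0.5 GET http://second.example.com/download 200 auth=yes location=-
2024-12-11T10:05:00Z 10.0.0.7 GET http://first.example.com/api 302 auth=yes location=http://first.example.com/api/v2
2024-12-11T10:05:01Z 10.0.0.7 GET http://first.example.com/api/v2 200 auth=yes location=-
2024-12-11T10:09:00Z 10.0.0.9 GET http://first.example.com/x 302 auth=yes location=http://evil.example.net/x
2024-12-11T10:09:01Z 10.0.0.9 GET http://evil.example.net/x 200 auth=no location=-
"""


def parse_log(text):
    """Parse lines matching LOG_RE into dicts; unparseable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["host"] = urlparse(rec["url"]).hostname
            records.append(rec)
    return records


def cross_host_credential_redirects(records, window=5):
    """Return (client, from_host, to_host) for every authenticated request
    whose most recent preceding request from the same client was a 3xx
    redirect from a different host pointing at this request's host.
    `window` bounds how many earlier records are examined."""
    findings = []
    for idx, rec in enumerate(records):
        if rec["auth"] != "yes":
            continue
        for prev in reversed(records[max(0, idx - window):idx]):
            if prev["client"] != rec["client"]:
                continue
            # Only the client's immediately preceding request is relevant.
            if not prev["status"].startswith("3") or prev["location"] == "-":
                break
            target = urlparse(prev["location"]).hostname
            if target == rec["host"] and prev["host"] != rec["host"]:
                findings.append((rec["client"], prev["host"], rec["host"]))
            break
    return findings


if __name__ == "__main__":
    for client, src, dst in cross_host_credential_redirects(parse_log(SAMPLE_LOG)):
        print(f"{client}: credentials followed a redirect from {src} to {dst}")
```

A hit is a candidate for review, not proof of a leak: the target host may legitimately have its own complete .netrc entry, or the client may have used --location-trusted on purpose. Pair the finding with the curl version on the client and the contents of its .netrc.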
Monitoring Recommendations
Recommendations include setting up alerts for sudden changes in redirect patterns, especially involving critical applications leveraging curl for HTTP requests.
How to Mitigate CVE-2024-11053
Immediate Actions Required
- Make every .netrc entry complete (both login and password); remove or complete entries that omit the password or omit both fields.
- Review scripts and applications that combine .netrc with redirect following (curl --netrc with -L/--location; in libcurl, CURLOPT_NETRC together with CURLOPT_FOLLOWLOCATION) and upgrade the curl they use.
- Until upgraded, do not use .netrc credentials and automatic redirect following together; follow redirects manually or drop -L/--location.
Patch Information
The fix shipped in curl 8.11.1, released 2024-12-11; versions 6.5 through 8.11.0 are affected. Upgrade both the curl tool and libcurl, and for vendor-supplied builds (for example NetApp ONTAP) confirm that the vendor has backported the fix.
Workarounds
Until the upgrade is in place, do not follow redirects automatically while .netrc credentials are in use (leave out -L/--location), or make every .netrc entry complete so there is nothing to inherit. For a single known host, pass credentials explicitly with -u instead of .netrc; curl has no --no-redirect option, so the workaround is simply to omit -L.
# Workaround: .netrc credentials without automatic redirect following (no -L/--location)
curl --netrc-file /custom/path/.netrc http://example.com/
# Alternative: explicit credentials for one host, no .netrc involved (curl prompts for the password)
curl -u user http://example.com/
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

