
Vulnerability Report: Public Exposure of Security Audit File

Medium
C
curl
Submitted None
Reported by cyph3r_nitro

Vulnerability Details

Technical details and impact analysis

Information Disclosure
## Summary:

A sensitive internal security audit report file for cURL/libcurl—specifically cure53-curl-report-2016.pdf—was found to be publicly accessible via search engine dorking. This file includes detailed vulnerability findings, exploit vectors, code review observations, and remediation advice from the Cure53 audit engagement in 2016. The exposure of this report may aid malicious actors in reverse engineering older vulnerabilities or targeting systems running legacy versions of libcurl that have not been patched. The report was retrieved through Google dorking, indicating a potential oversight in public file indexing or access control.

## Steps To Reproduce:

- Go to your browser and open Google (or any search engine).
- Search using the following dorking query: site:curl.se grep
- This reveals publicly accessible internal audit reports related to cURL.
- Click the link titled cure53-curl-report-2016.pdf or go directly to: https://curl.se/docs/audit/cure53-curl-report-2016.pdf
- Open the PDF and navigate to Page 10 to find the detailed description of the Host Header Injection vulnerability (ID: T6).

## Impact

Summary:

An attacker gaining access to the publicly exposed security audit file (cure53-curl-report-2016.pdf) can leverage the information within to:

1. Discover Exploitable Vulnerabilities:
   - The report details multiple vulnerabilities (e.g., Host Header Injection, TLS validation flaws, memory handling issues) with clear descriptions, impact, and affected code areas.
   - Even though some issues are patched, older systems or forks may still be vulnerable.
2. Develop Targeted Exploits:
   - The audit includes technical steps, affected functions, and logic flaws that can be used to craft reliable exploits or proofs of concept (PoCs).
3. Attack Legacy Systems:
   - Organizations or embedded systems using older versions of libcurl could still be exploitable if they haven't applied patches.
   - Attackers could scan for such outdated deployments.
4. Undermine Software Supply Chain Security:
   - Projects or products depending on outdated libcurl could be targeted indirectly (supply chain attack surface increases).
5. Leak Internal Security Posture:
   - The report exposes how the code is audited, what weaknesses are common, and how securely certain parts are implemented—providing attackers with insight into the development process and threat modeling priorities.

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Submitted

Weakness

Information Disclosure