CVE-2018-11713 in WebKit
Summary
by MITRE
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
Analysis
by VulDB Data Team • 03/21/2023
The vulnerability identified as CVE-2018-11713 resides within the WebCore component of WebKitGTK+ and specifically affects the libsoup network backend implementation. This flaw manifests in the SocketStreamHandleImplSoup.cpp file where WebSocket connections fail to properly utilize system proxy settings that are typically configured by users or administrators. The issue impacts WebKitGTK+ versions prior to 2.20.0 and systems that do not employ libsoup version 2.62.0 or later, creating a significant security gap in network communication handling.
The technical flaw stems from improper handling of proxy configuration during WebSocket connection establishment. When a web application attempts to create a WebSocket connection through a WebKitGTK+ browser, the underlying libsoup library should automatically respect and apply the system's configured proxy settings. However, due to this vulnerability, the WebSocket implementation bypasses these proxy configurations, allowing connections to be made directly to target servers without routing through configured proxy infrastructure. This behavior fundamentally undermines the expected network security controls that organizations and users rely upon for traffic filtering, monitoring, and anonymization purposes.
The operational impact of this vulnerability extends beyond simple network connectivity issues, as it creates potential deanonymization risks for users. When malicious websites craft WebSocket connections that bypass proxy configurations, they can directly access network resources without the protective layers that proxies typically provide. This scenario is particularly concerning in environments where users expect anonymity or restricted network access through proxy servers, as attackers can exploit this weakness to establish direct connections to target systems, potentially bypassing firewall rules, content filters, and network monitoring systems. The vulnerability essentially defeats the purpose of proxy-based security controls that organizations implement to protect their networks and user privacy.
From a cybersecurity perspective, this vulnerability aligns with CWE-610, which describes "Remote Resources in Local Context", where remote resources are accessed in a local context without proper validation of the resource's origin. The flaw also relates to ATT&CK technique T1071.004, which involves application layer protocol usage for command and control communications, as WebSocket connections could be used to establish covert channels that bypass normal network monitoring. Organizations using WebKitGTK+ versions prior to 2.20.0 face increased risk of data exfiltration, network reconnaissance, and bypassing of security controls that depend on proxy infrastructure. The vulnerability demonstrates how seemingly minor implementation details in network libraries can create significant security weaknesses that undermine fundamental privacy and security assumptions in networked applications.
Mitigation strategies should prioritize immediate upgrading of WebKitGTK+ to version 2.20.0 or later, or ensuring that systems utilize libsoup 2.62.0 or newer releases that contain the necessary proxy handling fixes. Network administrators should also implement additional monitoring to detect unusual WebSocket activity that might indicate exploitation attempts, while security teams should review proxy configurations and network access controls to minimize potential impact. Organizations that cannot immediately upgrade should consider implementing network-level controls to restrict WebSocket connections or deploy additional security monitoring to detect unauthorized direct connections that bypass proxy infrastructure.
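The monitoring for direct connections recommended above can be sketched as a check over flow records. This is an added example, not part of the VulDB entry or of WebKit; the proxy address, client subnet, record format and sample records are constructed assumptions. It flags clients that use the proxy yet also open direct connections on web ports, which is the footprint of proxied HTTP combined with unproxied WebSocket traffic.

```python
import ipaddress
from collections import defaultdict

# Assumed environment (hypothetical values, not taken from the advisory).
PROXY = (ipaddress.ip_address("10.0.0.5"), 3128)
CLIENT_NET = ipaddress.ip_network("10.0.1.0/24")
WEB_PORTS = {80, 443}  # ws:// and wss:// default to the same ports as http/https

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.0.1.20 10.0.0.5 3128
1004 10.0.1.20 203.0.113.7 443
1010 10.0.1.21 10.0.0.5 3128
1900 10.0.1.22 198.51.100.9 443
2000 10.0.1.20 10.0.0.5 3128
# comment / malformed lines are skipped
1012 192.0.2.50 203.0.113.7 443
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (int(parts[0]), ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def find_proxy_bypass(text, window=300):
    """Return direct web flows from clients that also used the proxy within `window` s."""
    proxy_seen = defaultdict(list)  # client -> timestamps of its proxy connections
    direct = []
    for ts, src, dst, dport in parse_flows(text):
        if src not in CLIENT_NET:
            continue
        if (dst, dport) == PROXY:
            proxy_seen[src].append(ts)
        elif dport in WEB_PORTS and dst not in CLIENT_NET:
            direct.append((ts, src, dst, dport))
    # A client with no proxy traffic at all is a different finding (unconfigured host).
    return [(ts, str(src), str(dst), dport) for ts, src, dst, dport in direct
            if any(abs(ts - p) <= window for p in proxy_seen[src])]
```

Flow records cannot distinguish WebSocket from other TCP traffic on the same ports, so a hit identifies a host to inspect for affected WebKitGTK+ and libsoup versions, not a confirmed exploit.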