QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-0037

Back to search

CVE-2009-0037

Published: Mar 5, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

VendorProductVersions

n/a

n/a

affected
n/a

References

USN-726-1
vendor-advisory
x_refsource_UBUNTU
34259
third-party-advisory
x_refsource_SECUNIA
35766
third-party-advisory
x_refsource_SECUNIA
34255
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:0341
vendor-advisory
x_refsource_REDHAT
DSA-1738
vendor-advisory
x_refsource_DEBIAN
ADV-2009-1865
vdb-entry
x_refsource_VUPEN
APPLE-SA-2010-03-29-1
vendor-advisory
x_refsource_APPLE
SUSE-SR:2009:006
vendor-advisory
x_refsource_SUSE
34138
third-party-advisory
x_refsource_SECUNIA
34202
third-party-advisory
x_refsource_SECUNIA
20090312 rPSA-2009-0042-1 curl
mailing-list
x_refsource_BUGTRAQ
ADV-2009-0581
vdb-entry
x_refsource_VUPEN
SSA:2009-069-01
vendor-advisory
x_refsource_SLACKWARE
33962
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:11054
vdb-entry
signature
x_refsource_OVAL
GLSA-200903-21
vendor-advisory
x_refsource_GENTOO
oval:org.mitre.oval:def:6074
vdb-entry
signature
x_refsource_OVAL
1021783
vdb-entry
x_refsource_SECTRACK
34251
third-party-advisory
x_refsource_SECUNIA
34399
third-party-advisory
x_refsource_SECUNIA
34237
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now