CVE-2009-0037 in curlinformation

Résumé (Anglaise)

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Réserver

15/12/2008

Divulgation

04/03/2009

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
46964curl cross site request forgery352Preuve de conceptCorrectif officielCVE-2009-0037

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!