Lucene search

[email protected]CVE-2009-0037

HistoryMar 05, 2009 - 2:30 a.m.

CVE-2009-0037

2009-03-0502:30:00

CWE-352

[email protected]

web.nvd.nist.gov

curl

libcurl

security

cve-2009-0037

http

remote attacks

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Affected configurations

NVD

Node

curlcurlMatch5.11

curlcurlMatch6.0

curlcurlMatch6.1beta

curlcurlMatch6.2

curlcurlMatch6.3

curlcurlMatch6.3.1

curlcurlMatch6.4

curlcurlMatch6.5

curlcurlMatch6.5.1

curlcurlMatch6.5.2

curlcurlMatch7.1

curlcurlMatch7.1.1

curlcurlMatch7.2

curlcurlMatch7.2.1

curlcurlMatch7.3

curlcurlMatch7.4

curlcurlMatch7.4.1

curlcurlMatch7.4.2

curlcurlMatch7.5

curlcurlMatch7.5.1

curlcurlMatch7.5.2

curlcurlMatch7.6

curlcurlMatch7.6.1

curlcurlMatch7.7

curlcurlMatch7.7.1

curlcurlMatch7.7.2

curlcurlMatch7.7.3

curlcurlMatch7.8

curlcurlMatch7.8.1

curlcurlMatch7.8.2

curlcurlMatch7.9

curlcurlMatch7.9.1

curlcurlMatch7.9.2

curlcurlMatch7.9.3

curlcurlMatch7.9.4

curlcurlMatch7.9.5

curlcurlMatch7.9.6

curlcurlMatch7.9.7

curlcurlMatch7.9.8

curlcurlMatch7.10

curlcurlMatch7.10.1

curlcurlMatch7.10.2

curlcurlMatch7.10.3

curlcurlMatch7.10.4

curlcurlMatch7.10.5

curlcurlMatch7.10.6

curlcurlMatch7.10.7

curlcurlMatch7.10.8

curlcurlMatch7.11.1

curlcurlMatch7.12

curlcurlMatch7.12.1

curlcurlMatch7.12.2

curlcurlMatch7.13

curlcurlMatch7.13.2

curlcurlMatch7.14

curlcurlMatch7.14.1

curlcurlMatch7.15

curlcurlMatch7.15.1

curlcurlMatch7.15.3

curlcurlMatch7.16.3

curlcurlMatch7.16.4

curlcurlMatch7.17

curlcurlMatch7.18

curlcurlMatch7.19.3

curllibcurlMatch5.11

curllibcurlMatch7.12

curllibcurlMatch7.12.1

curllibcurlMatch7.12.2

curllibcurlMatch7.12.3

curllibcurlMatch7.13

curllibcurlMatch7.13.1

curllibcurlMatch7.13.2

curllibcurlMatch7.14

curllibcurlMatch7.14.1

curllibcurlMatch7.15

curllibcurlMatch7.15.1

curllibcurlMatch7.15.2

curllibcurlMatch7.15.3

curllibcurlMatch7.16.3

curllibcurlMatch7.19.3

CPENameOperatorVersion
curl:curlcurleq5.11
curl:curlcurleq6.0
curl:curlcurleq6.1beta
curl:curlcurleq6.2
curl:curlcurleq6.3
curl:curlcurleq6.3.1
curl:curlcurleq6.4
curl:curlcurleq6.5
curl:curlcurleq6.5.1
curl:curlcurleq6.5.2

CPE	Name	Operator	Version
curl:curl	curl	eq	5.11
curl:curl	curl	eq	6.0
curl:curl	curl	eq	6.1beta
curl:curl	curl	eq	6.2
curl:curl	curl	eq	6.3
curl:curl	curl	eq	6.3.1
curl:curl	curl	eq	6.4
curl:curl	curl	eq	6.5
curl:curl	curl	eq	6.5.1
curl:curl	curl	eq	6.5.2