Arbitrary File Access Vulnerability in curl and libcurl
CVE-2009-0037

Currently unrated

Key Information:

Vendor: Curl
Status: Curl; Libcurl
Vendor: CVE Published:; 5 March 2009

What is CVE-2009-0037?

The redirect feature in curl and libcurl versions 5.11 through 7.19.3 contains a vulnerability when the CURLOPT_FOLLOWLOCATION option is enabled, allowing attackers to receive arbitrary Location values. This issue may enable remote HTTP servers to trigger unsolicited requests to intranet servers, pose risks of reading or overwriting files through redirects to file URLs, and execute arbitrary commands via SCP redirects, effectively compromising server integrity and security.

References

http://www.ubuntu.com/usn/USN-726-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/34259

third-party-advisoryx_refsource_SECUNIA

http://curl.haxx.se/lxr/source/CHANGES

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 5, 2009
Vulnerability Reserved
Dec 15, 2008

Curl

What is CVE-2009-0037?

References

Timeline