CVE-2009-0037
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/32834unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://curl.haxx.se/docs/adv_20090303.htmlhttp://curl.haxx.se/lxr/source/CHANGEShttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.htmlhttp://lists.vmware.com/pipermail/security-announce/2009/000060.htmlhttp://secunia.com/advisories/34138http://secunia.com/advisories/34202http://secunia.com/advisories/34237http://secunia.com/advisories/34251http://secunia.com/advisories/34255http://secunia.com/advisories/34259http://secunia.com/advisories/34399