vendor: cURL
by: Secunia Research
CVSS: 8.8 HIGH
Security-Bypass
CWE: 20
Product Name: cURL
Affected Version From: 5.11
Affected Version To: 7.19.3
Patch Exists: YES
Related CWE: CVE-2009-0037
CPE: 20
Metasploit:
https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0009-service-console-package-curl-cve-2009-0037/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0037/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-5d433534-f41c-402e-ade5-e0a2259a7cb6/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-0341/, https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2009-0037/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-0037/, https://www.rapid7.com/db/vulnerabilities/apple-osx-curl-cve-2009-0037/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-0037/
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=35819, https://www.infosecmatter.com/nessus-plugin-library/?id=41489, https://www.infosecmatter.com/nessus-plugin-library/?id=41280, https://www.infosecmatter.com/nessus-plugin-library/?id=35971, https://www.infosecmatter.com/nessus-plugin-library/?id=89115, https://www.infosecmatter.com/nessus-plugin-library/?id=52011, https://www.infosecmatter.com/nessus-plugin-library/?id=36748, https://www.infosecmatter.com/nessus-plugin-library/?id=45373, https://www.infosecmatter.com/nessus-plugin-library/?id=36751, https://www.infosecmatter.com/nessus-plugin-library/?id=67821
Platforms Tested: None
2009
cURL/libcURL Security-Bypass Vulnerability
Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks. The following example redirection request may be used to carry out this attack:
Location: scp://name:passwd@host/a'``;date >/tmp/test``;'
Mitigation:
Upgrade to version 7.19.4 or later.