NVD

Id
47385  
Name
CVE-2009-0037  
Description
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-03-04  
Modified Date
2010-08-21  
Seq
2009-0037  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
237032 47385 CVE-2009-0037 http://curl.haxx.se/docs/adv_20090303.html  View
237033 47385 CVE-2009-0037 http://curl.haxx.se/lxr/source/CHANGES  View
237034 47385 CVE-2009-0037 APPLE-SA-2010-03-29-1  View
237035 47385 CVE-2009-0037 SUSE-SR:2009:006  View
237036 47385 CVE-2009-0037 [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl  View
237037 47385 CVE-2009-0037 oval:org.mitre.oval:def:11054  View
237038 47385 CVE-2009-0037 oval:org.mitre.oval:def:6074  View
237039 47385 CVE-2009-0037 GLSA-200903-21  View
237040 47385 CVE-2009-0037 SSA:2009-069-01  View
237041 47385 CVE-2009-0037 http://support.apple.com/kb/HT4077  View
237042 47385 CVE-2009-0037 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042  View
237043 47385 CVE-2009-0037 DSA-1738  View
237044 47385 CVE-2009-0037 RHSA-2009:0341  View
237045 47385 CVE-2009-0037 20090312 rPSA-2009-0042-1 curl  View
237046 47385 CVE-2009-0037 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl  View
237047 47385 CVE-2009-0037 33962  View
237048 47385 CVE-2009-0037 1021783  View
237049 47385 CVE-2009-0037 USN-726-1  View
237050 47385 CVE-2009-0037 http://www.vmware.com/security/advisories/VMSA-2009-0009.html  View
237051 47385 CVE-2009-0037 ADV-2009-0581  View
237052 47385 CVE-2009-0037 ADV-2009-1865  View
237053 47385 CVE-2009-0037 http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/  View
237054 47385 CVE-2009-0037 http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf  View
237055 47385 CVE-2009-0037 curl-location-security-bypass(49030)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40121 JVNDB-2009-001127 curl および libcurl の redirect 実装における任意のコマンドを実行される脆弱性 curl および libcurl の redirect 実装には、CURLOPT_FOLLOWLOCATION が有効な場合に、任意の Location 値を受け入れることにより、任意のファイルの読み込みまたは改ざんを行われる、あるいは任意のコマンドを実行される脆弱性が存在します。 CVE-2009-0037 37468 CVE-2009-0037 47385 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001127.html 2009-03-03 2010-04-13 View