Vulnerability-Lookup

CVE-2009-0037 (GCVE-0-2009-0037)

Vulnerability from cvelistv5 – Published: 2009-03-05 02:00 – Updated: 2024-08-07 04:17

Summary

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.ubuntu.com/usn/USN-726-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/34259	third-party-advisoryx_refsource_SECUNIA
	http://curl.haxx.se/lxr/source/CHANGES	x_refsource_CONFIRM
	http://secunia.com/advisories/35766	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/34255	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-03…	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2009/dsa-1738	vendor-advisoryx_refsource_DEBIAN
	http://www.withdk.com/2009/03/03/curllibcurl-redi…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2009/1865	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/34138	third-party-advisoryx_refsource_SECUNIA
	http://curl.haxx.se/docs/adv_20090303.html	x_refsource_CONFIRM
	http://secunia.com/advisories/34202	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/501757/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2009/0581	vdb-entryx_refsource_VUPEN
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/33962	vdb-entryx_refsource_BID
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	http://www.withdk.com/archives/Libcurl_arbitrary_…	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://security.gentoo.org/glsa/glsa-200903-21.xml	vendor-advisoryx_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securitytracker.com/id?1021783	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/34251	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/34399	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/504849/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/34237	third-party-advisoryx_refsource_SECUNIA
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-726-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-726-1"
          },
          {
            "name": "34259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/lxr/source/CHANGES"
          },
          {
            "name": "35766",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35766"
          },
          {
            "name": "34255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34255"
          },
          {
            "name": "RHSA-2009:0341",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
          },
          {
            "name": "DSA-1738",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1738"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
          },
          {
            "name": "curl-location-security-bypass(49030)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
          },
          {
            "name": "ADV-2009-1865",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1865"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
          },
          {
            "name": "SUSE-SR:2009:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
          },
          {
            "name": "34138",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20090303.html"
          },
          {
            "name": "34202",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34202"
          },
          {
            "name": "20090312 rPSA-2009-0042-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
          },
          {
            "name": "ADV-2009-0581",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0581"
          },
          {
            "name": "SSA:2009-069-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
          },
          {
            "name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
          },
          {
            "name": "33962",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
          },
          {
            "name": "oval:org.mitre.oval:def:11054",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
          },
          {
            "name": "GLSA-200903-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:6074",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
          },
          {
            "name": "1021783",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021783"
          },
          {
            "name": "34251",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34251"
          },
          {
            "name": "34399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34399"
          },
          {
            "name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
          },
          {
            "name": "34237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-726-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-726-1"
        },
        {
          "name": "34259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/lxr/source/CHANGES"
        },
        {
          "name": "35766",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35766"
        },
        {
          "name": "34255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34255"
        },
        {
          "name": "RHSA-2009:0341",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
        },
        {
          "name": "DSA-1738",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1738"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
        },
        {
          "name": "curl-location-security-bypass(49030)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
        },
        {
          "name": "ADV-2009-1865",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1865"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
        },
        {
          "name": "SUSE-SR:2009:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
        },
        {
          "name": "34138",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20090303.html"
        },
        {
          "name": "34202",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34202"
        },
        {
          "name": "20090312 rPSA-2009-0042-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
        },
        {
          "name": "ADV-2009-0581",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0581"
        },
        {
          "name": "SSA:2009-069-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
        },
        {
          "name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
        },
        {
          "name": "33962",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
        },
        {
          "name": "oval:org.mitre.oval:def:11054",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
        },
        {
          "name": "GLSA-200903-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:6074",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
        },
        {
          "name": "1021783",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021783"
        },
        {
          "name": "34251",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34251"
        },
        {
          "name": "34399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34399"
        },
        {
          "name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
        },
        {
          "name": "34237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0037",
    "datePublished": "2009-03-05T02:00:00.000Z",
    "dateReserved": "2008-12-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:17:10.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: 2010-03-30 - Updated: 2010-03-30

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "initial_release_date": "2010-03-30T00:00:00",
  "last_revision_date": "2010-03-30T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

CERTA-2009-AVI-105

Vulnerability from certfr_avis - Published: 2009-03-18 - Updated: 2009-03-18

Une vulnérabilité de cURL et de libcURL permet à un individu distant d'exécuter du code arbitraire ou de contourner la politique de sécurité.

Description

Une vulnérabilité présente dans l'implémentation de la fonction redirect (la fonctionnalité de suivre les redirections) de cURL et de libcURL permet à un individu distant de contourner la politique de sécurité. Les versions de cURL et de libcURL compilées pour prendre en charge SCP permettent également à un individu distant d'exécuter du code arbitraire à distance par le biais d'une redirection utilisant le caractère « ; » de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	cURL et libcURL versions antérieures à 7.19.4.

References

Title

Publication Time

Tags

Bulletin de sécurité cURL du 03 mars 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cURL et libcURL versions ant\u00e9rieures \u00e0 7.19.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans l\u0027impl\u00e9mentation de la fonction redirect\n(la fonctionnalit\u00e9 de suivre les redirections) de cURL et de libcURL\npermet \u00e0 un individu distant de contourner la politique de s\u00e9curit\u00e9. Les\nversions de cURL et de libcURL compil\u00e9es pour prendre en charge SCP\npermettent \u00e9galement \u00e0 un individu distant d\u0027ex\u00e9cuter du code arbitraire\n\u00e0 distance par le biais d\u0027une redirection utilisant le caract\u00e8re \u00ab ; \u00bb\nde fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    }
  ],
  "initial_release_date": "2009-03-18T00:00:00",
  "last_revision_date": "2009-03-18T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-105",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de \u003cspan class=\"textit\"\u003ecURL\u003c/span\u003e et de \u003cspan\nclass=\"textit\"\u003elibcURL\u003c/span\u003e permet \u00e0 un individu distant d\u0027ex\u00e9cuter du\ncode arbitraire ou de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans cURL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 cURL du 03 mars 2009",
      "url": "http://curl.haxx.se/docs/adv_20090303.html"
    }
  ]
}

CERTA-2012-AVI-218

Vulnerability from certfr_avis - Published: 2012-04-18 - Updated: 2012-04-18

De multiples vulnérabilités ont été corrigées dans HP System Management Homepage. Leur exploitation permet, entre autres, d'exécuter du code arbitraire à distance et de réaliser des dénis de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP System Management Homepage versions antérieures à 7.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03280632 du 16 avril 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eHP System Management Homepage\u003c/SPAN\u003e  versions ant\u00e9rieures \u00e0 7.0.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
    },
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2011-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3348"
    },
    {
      "name": "CVE-2011-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
    },
    {
      "name": "CVE-2011-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
    },
    {
      "name": "CVE-2010-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1623"
    },
    {
      "name": "CVE-2011-3182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3182"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2010-2791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2791"
    },
    {
      "name": "CVE-2011-3268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3268"
    },
    {
      "name": "CVE-2012-0135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0135"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2010-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2011-3267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3267"
    },
    {
      "name": "CVE-2010-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4409"
    },
    {
      "name": "CVE-2011-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
    },
    {
      "name": "CVE-2011-1467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2012-1993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1993"
    },
    {
      "name": "CVE-2011-2192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
    },
    {
      "name": "CVE-2011-3207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3207"
    },
    {
      "name": "CVE-2011-1470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
    },
    {
      "name": "CVE-2011-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
    },
    {
      "name": "CVE-2011-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-1945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1945"
    },
    {
      "name": "CVE-2011-1928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1928"
    },
    {
      "name": "CVE-2011-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3846"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
    },
    {
      "name": "CVE-2011-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
    },
    {
      "name": "CVE-2011-3189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3189"
    }
  ],
  "initial_release_date": "2012-04-18T00:00:00",
  "last_revision_date": "2012-04-18T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-218",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP System Management Homepage\u003c/span\u003e. Leur exploitation\npermet, entre autres, d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance et de\nr\u00e9aliser des d\u00e9nis de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03280632 du 16 avril 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03280632"
    }
  ]
}

GSD-2009-0037

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0037

Aliases

CVE-2009-0037

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0037",
    "description": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.",
    "id": "GSD-2009-0037",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0037.html",
      "https://www.debian.org/security/2009/dsa-1738",
      "https://access.redhat.com/errata/RHSA-2009:0341",
      "https://linux.oracle.com/cve/CVE-2009-0037.html",
      "https://packetstormsecurity.com/files/cve/CVE-2009-0037"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0037"
      ],
      "details": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.",
      "id": "GSD-2009-0037",
      "modified": "2023-12-13T01:19:44.393306Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-0037",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4077",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "http://curl.haxx.se/docs/adv_20090303.html",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/docs/adv_20090303.html"
          },
          {
            "name": "http://curl.haxx.se/lxr/source/CHANGES",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/lxr/source/CHANGES"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
          },
          {
            "name": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html",
            "refsource": "MISC",
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
          },
          {
            "name": "http://secunia.com/advisories/34138",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34138"
          },
          {
            "name": "http://secunia.com/advisories/34202",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34202"
          },
          {
            "name": "http://secunia.com/advisories/34237",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34237"
          },
          {
            "name": "http://secunia.com/advisories/34251",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34251"
          },
          {
            "name": "http://secunia.com/advisories/34255",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34255"
          },
          {
            "name": "http://secunia.com/advisories/34259",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34259"
          },
          {
            "name": "http://secunia.com/advisories/34399",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34399"
          },
          {
            "name": "http://secunia.com/advisories/35766",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35766"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200903-21.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1738",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1738"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-0341.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/501757/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/504849/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/33962",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/33962"
          },
          {
            "name": "http://www.securitytracker.com/id?1021783",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1021783"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-726-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-726-1"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/0581",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/0581"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1865",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1865"
          },
          {
            "name": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/",
            "refsource": "MISC",
            "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
          },
          {
            "name": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf",
            "refsource": "MISC",
            "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.1beta:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.16.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:curl:7.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-0037"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34138",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34138"
            },
            {
              "name": "33962",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/33962"
            },
            {
              "name": "USN-726-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-726-1"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20090303.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/docs/adv_20090303.html"
            },
            {
              "name": "http://curl.haxx.se/lxr/source/CHANGES",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/lxr/source/CHANGES"
            },
            {
              "name": "ADV-2009-0581",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0581"
            },
            {
              "name": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
            },
            {
              "name": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
            },
            {
              "name": "SUSE-SR:2009:006",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
            },
            {
              "name": "SSA:2009-069-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
            },
            {
              "name": "34237",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34237"
            },
            {
              "name": "34202",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34202"
            },
            {
              "name": "GLSA-200903-21",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
            },
            {
              "name": "34255",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34255"
            },
            {
              "name": "34259",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34259"
            },
            {
              "name": "DSA-1738",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1738"
            },
            {
              "name": "34251",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34251"
            },
            {
              "name": "34399",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34399"
            },
            {
              "name": "RHSA-2009:0341",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
            },
            {
              "name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
            },
            {
              "name": "ADV-2009-1865",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1865"
            },
            {
              "name": "35766",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35766"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "1021783",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021783"
            },
            {
              "name": "curl-location-security-bypass(49030)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
            },
            {
              "name": "oval:org.mitre.oval:def:6074",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
            },
            {
              "name": "oval:org.mitre.oval:def:11054",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
            },
            {
              "name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
            },
            {
              "name": "20090312 rPSA-2009-0042-1 curl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:59Z",
      "publishedDate": "2009-03-05T02:30Z"
    }
  }
}

FKIE_CVE-2009-0037

Vulnerability from fkie_nvd - Published: 2009-03-05 02:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://curl.haxx.se/docs/adv_20090303.html	Patch, Vendor Advisory
secalert@redhat.com	http://curl.haxx.se/lxr/source/CHANGES	Patch, Vendor Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2009/000060.html
secalert@redhat.com	http://secunia.com/advisories/34138	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/34202
secalert@redhat.com	http://secunia.com/advisories/34237
secalert@redhat.com	http://secunia.com/advisories/34251
secalert@redhat.com	http://secunia.com/advisories/34255
secalert@redhat.com	http://secunia.com/advisories/34259
secalert@redhat.com	http://secunia.com/advisories/34399
secalert@redhat.com	http://secunia.com/advisories/35766
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200903-21.xml
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
secalert@redhat.com	http://support.apple.com/kb/HT4077
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1738
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-0341.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/501757/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/504849/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/33962	Exploit, Patch
secalert@redhat.com	http://www.securitytracker.com/id?1021783
secalert@redhat.com	http://www.ubuntu.com/usn/USN-726-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2009-0009.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0581	Patch, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1865
secalert@redhat.com	http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
secalert@redhat.com	http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20090303.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/lxr/source/CHANGES	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2009/000060.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34138	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34202
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34237
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34251
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34255
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34259
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34399
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35766
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200903-21.xml
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1738
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0341.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501757/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/504849/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33962	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021783
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-726-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0009.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0581	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1865
af854a3a-2127-422b-91ae-364da2661108	http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
af854a3a-2127-422b-91ae-364da2661108	http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074

Impacted products

Vendor	Product	Version
curl	curl	5.11
curl	curl	6.0
curl	curl	6.1beta
curl	curl	6.2
curl	curl	6.3
curl	curl	6.3.1
curl	curl	6.4
curl	curl	6.5
curl	curl	6.5.1
curl	curl	6.5.2
curl	curl	7.1
curl	curl	7.1.1
curl	curl	7.2
curl	curl	7.2.1
curl	curl	7.3
curl	curl	7.4
curl	curl	7.4.1
curl	curl	7.4.2
curl	curl	7.5
curl	curl	7.5.1
curl	curl	7.5.2
curl	curl	7.6
curl	curl	7.6.1
curl	curl	7.7
curl	curl	7.7.1
curl	curl	7.7.2
curl	curl	7.7.3
curl	curl	7.8
curl	curl	7.8.1
curl	curl	7.8.2
curl	curl	7.9
curl	curl	7.9.1
curl	curl	7.9.2
curl	curl	7.9.3
curl	curl	7.9.4
curl	curl	7.9.5
curl	curl	7.9.6
curl	curl	7.9.7
curl	curl	7.9.8
curl	curl	7.10
curl	curl	7.10.1
curl	curl	7.10.2
curl	curl	7.10.3
curl	curl	7.10.4
curl	curl	7.10.5
curl	curl	7.10.6
curl	curl	7.10.7
curl	curl	7.10.8
curl	curl	7.11.1
curl	curl	7.12
curl	curl	7.12.1
curl	curl	7.12.2
curl	curl	7.13
curl	curl	7.13.2
curl	curl	7.14
curl	curl	7.14.1
curl	curl	7.15
curl	curl	7.15.1
curl	curl	7.15.3
curl	curl	7.16.3
curl	curl	7.16.4
curl	curl	7.17
curl	curl	7.18
curl	curl	7.19.3
curl	libcurl	5.11
curl	libcurl	7.12
curl	libcurl	7.12.1
curl	libcurl	7.12.2
curl	libcurl	7.12.3
curl	libcurl	7.13
curl	libcurl	7.13.1
curl	libcurl	7.13.2
curl	libcurl	7.14
curl	libcurl	7.14.1
curl	libcurl	7.15
curl	libcurl	7.15.1
curl	libcurl	7.15.2
curl	libcurl	7.15.3
curl	libcurl	7.16.3
curl	libcurl	7.19.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:curl:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "547AF432-EC84-4D3F-9A1A-9DDDE90FAA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "716A8128-1159-4E38-A35B-DB011915145B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.1beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D0B74A-8656-486A-97D8-0FFA2B6E7577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFF7F97-FA48-43BF-BF90-180B9E9099AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48753D9B-72A1-4F7C-A71E-AA502F5FA6AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F7F9940-212B-4AA8-B42F-6A8DDBA27652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F9238EF-73A5-486E-94BD-3A411DFBE419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF49459-9F8D-4BF5-9F24-DCB256A72FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA5A191C-D5AE-4A22-8D1A-38FBF5C24705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7637717-CF5F-4AA4-9433-5C80C711D824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC0FFDE-B7C6-47AD-8BED-181E10268643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAA0E96-283D-4590-BE3C-76D0A222EB06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74325BB1-54AE-40BC-81C0-AD07CE6BBDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A980CED-EB95-4997-BE4C-56EF96A14471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D83D9F-242B-4689-91EF-64A56C769C36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FA67F8-137F-4778-A6B6-A6EF59C2271B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F84D43-1CE6-452D-A819-44C7CCBCB8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EE97A0-420F-4FB7-89CF-2E8064D7E0B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE2E637-D0CA-4B2E-8386-EF2892E5E074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A6DC7AC-CF08-4E45-AA75-2BABF59D960B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB3A5AE-F854-483C-A6DA-02F811F2F6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20FA870-2B29-4CFE-ABD1-62DB4E165B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8019F384-E7EA-4E4D-8E09-4A1FDDB3849B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "37105953-D573-4191-BB96-758F6AFD882C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "35898A38-91F6-4C77-ACFD-70E1380AEF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3545C6-934D-4C55-B285-DB44783E0907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5AC6F4-443D-4EB6-83E7-4F193BCC1D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC29408-D7CE-496B-AB2C-783EE40BCC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC171D9-5418-4C66-BBDA-ABFD978CF113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD68B6D-72AB-4A61-9528-8631B147A3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "97233341-471B-4B59-95ED-F376460370AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0080682-F304-45BE-A13B-C75C48245E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D90019-9713-46CB-90F5-CF6F016AE1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6D2C32-ADA4-4859-A30F-7B910D96F02A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CDA26B4-A6F6-41B4-A592-C9AF101C5A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87392CA8-DA66-4E55-9EDA-A85DC6AA253A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFBF583-CE6A-4670-B196-3EEA7B4389BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DFDCF3-FBC3-4231-9915-2D4A7853C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2669757-AA52-4C71-96E4-8A32883574D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8777B0FB-8BFB-4D98-A4C2-E60807CF0C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C0BD35-0B32-46B8-A442-2FEA4762523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9FFE5B-34E9-47FF-975C-ADC315E7C1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E262EDF2-E490-48F1-B277-844C14CD7361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B1C3BA-BAC3-4424-9523-BCDC373E8EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B0B2AA-4FD6-4376-A239-00E9431C9F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A11159-1757-404E-AA07-DD865DCDEF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E300177-087D-4103-9092-FF6A4052EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5D1EA8-D015-49F2-B134-C665969F0276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC24D6B-E3E4-4C07-9C4E-3748FDE300EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE6AD55-E3D2-46FD-8EFF-595EEF3B6F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4848C3C8-432D-43E7-B0D9-8FD69D4C3B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A7BE71-D4FB-42FF-8ED4-BA5A81BE8720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D020D95D-CD04-48A5-9488-1C6E7F69ED8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2458D0E-66F7-484C-9989-308530AE766D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B2D97A-083B-4DEB-A02E-124F36838130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAF7D32E-D07A-478E-96E7-0302B6118B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D46E759-3E26-41AC-BF71-A0450CBF54FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA2263-4478-477A-86C4-6CCCC36F3EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0401FA1-CF19-4BBA-B61B-263CFBA92B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A28049D-C8AF-42D0-A294-851854A66516",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.16.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F19EC641-0BC7-486B-A7B7-2C0264BC2DAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C045C9-332E-4277-9167-F25D7F62F702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "262827E1-A139-46E2-B44D-46CC40E8E33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:curl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67B81B43-895A-4FD4-A274-CA762C73DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "339F2D11-27F1-42A8-A780-8D0DAFB168C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC85E8-5555-46A9-9A95-30E1497AFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03060364-7DCD-4111-BF7A-BEF6AFCB3134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "319DADFB-081B-46AA-9F7D-DD4D1C5BE26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C6906-5FBD-4736-87B6-720E288E394A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4931FF86-51B6-470A-A2E0-A1B0942D1CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9DA33F-A33E-483E-AE4D-4422D62C02E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5028DB2-87D5-4AD8-87D4-325C519D6CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E992CDB0-A787-4F7E-AC55-13FE7C68A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "808143C5-108B-45BE-B626-A44F9F956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBBB3F1-98BD-40D1-B09F-1924D567625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D5DAE5-ABEA-4FF1-836C-BA4741F13323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E15191F-D4E6-425C-81BE-2CD55A815B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0407CCC0-ACAA-4B2A-99A5-DA57791057B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "248D86F7-A8E5-448D-A55A-C05278BB9822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBACF741-C988-4800-A9FF-E4836A1EE4E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de redirecci\u00f3n en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de localizaci\u00f3n a elecci\u00f3n del usuario, lo que permite a servidores HTTP remotos (1)iniciar peticiones arbitrarias a servidores de red interna, (2) leer o sobreescribir ficheros arbitrariamente a trav\u00e9s de una redirecci\u00f3n a un fichero: URL, o (3) ejecutar comando arbitrariamente a trav\u00e9s de una redirecci\u00f3n a un scp: URL."
    }
  ],
  "id": "CVE-2009-0037",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-05T02:30:00.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090303.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/lxr/source/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34202"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34237"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34251"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34255"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34399"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35766"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1738"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33962"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021783"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-726-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090303.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/lxr/source/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-726-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JR23-52FG-M7RM

Vulnerability from github – Published: 2022-05-02 03:12 – Updated: 2025-04-09 04:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-05T02:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.",
  "id": "GHSA-jr23-52fg-m7rm",
  "modified": "2025-04-09T04:05:54Z",
  "published": "2022-05-02T03:12:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0037"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/adv_20090303.html"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/lxr/source/CHANGES"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34138"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34202"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34237"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34251"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34255"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34259"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34399"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35766"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200903-21.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.476602"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1738"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0341.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/501757/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33962"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021783"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-726-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0581"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1865"
    },
    {
      "type": "WEB",
      "url": "http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access"
    },
    {
      "type": "WEB",
      "url": "http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0037 (GCVE-0-2009-0037)

CERTA-2010-AVI-143

Description

Solution

CERTA-2009-AVI-105

Description

Solution

CERTA-2012-AVI-218

Solution

GSD-2009-0037

FKIE_CVE-2009-0037

GHSA-JR23-52FG-M7RM

Tags

Sightings

Nomenclature