cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
| EKU-ID: 37724 | CVE: CVE-2009-0037;OSVDB-53572 | OSVDB-ID: |
| Author: David Kierznowski | Published: 2009-03-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37724 | CVE: CVE-2009-0037;OSVDB-53572 | OSVDB-ID: |
| Author: David Kierznowski | Published: 2009-03-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/33962/info cURL/libcURL is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks. This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may also be vulnerable. The following example redirection request may be used to carry out this attack: Location: scp://name:passwd@host/a'``;date >/tmp/test``;'