CVE-2009-0037

EUVD-2009-0048
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
curlcurl
5.11
curlcurl
6.0
curlcurl
6.1beta:beta
curlcurl
6.2
curlcurl
6.3
curlcurl
6.3.1
curlcurl
6.4
curlcurl
6.5
curlcurl
6.5.1
curlcurl
6.5.2
curlcurl
7.1
curlcurl
7.1.1
curlcurl
7.2
curlcurl
7.2.1
curlcurl
7.3
curlcurl
7.4
curlcurl
7.4.1
curlcurl
7.4.2
curlcurl
7.5
curlcurl
7.5.1
curlcurl
7.5.2
curlcurl
7.6
curlcurl
7.6.1
curlcurl
7.7
curlcurl
7.7.1
curlcurl
7.7.2
curlcurl
7.7.3
curlcurl
7.8
curlcurl
7.8.1
curlcurl
7.8.2
curlcurl
7.9
curlcurl
7.9.1
curlcurl
7.9.2
curlcurl
7.9.3
curlcurl
7.9.4
curlcurl
7.9.5
curlcurl
7.9.6
curlcurl
7.9.7
curlcurl
7.9.8
curlcurl
7.10
curlcurl
7.10.1
curlcurl
7.10.2
curlcurl
7.10.3
curlcurl
7.10.4
curlcurl
7.10.5
curlcurl
7.10.6
curlcurl
7.10.7
curlcurl
7.10.8
curlcurl
7.11.1
curlcurl
7.12
curlcurl
7.12.1
curlcurl
7.12.2
curlcurl
7.13
curlcurl
7.13.2
curlcurl
7.14
curlcurl
7.14.1
curlcurl
7.15
curlcurl
7.15.1
curlcurl
7.15.3
curlcurl
7.16.3
curlcurl
7.16.4
curlcurl
7.17
curlcurl
7.18
curlcurl
7.19.3
curllibcurl
5.11
curllibcurl
7.12
curllibcurl
7.12.1
curllibcurl
7.12.2
curllibcurl
7.12.3
curllibcurl
7.13
curllibcurl
7.13.1
curllibcurl
7.13.2
curllibcurl
7.14
curllibcurl
7.14.1
curllibcurl
7.15
curllibcurl
7.15.1
curllibcurl
7.15.2
curllibcurl
7.15.3
curllibcurl
7.16.3
curllibcurl
7.19.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
curl
bookworm
7.88.1-10+deb12u7
fixed
bookworm (security)
7.88.1-10+deb12u5
fixed
bullseye
7.74.0-1.3+deb11u13
fixed
bullseye (security)
7.74.0-1.3+deb11u11
fixed
sid
8.10.1-2
fixed
trixie
8.10.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
curl
dapper
Fixed 7.15.1-1ubuntu3.1
released
gutsy
Fixed 7.16.4-2ubuntu1.1
released
hardy
Fixed 7.18.0-1ubuntu2.1
released
intrepid
Fixed 7.18.2-1ubuntu4.1
released
Common Weakness Enumeration
References
http://curl.haxx.se/docs/adv_20090303.html
http://curl.haxx.se/lxr/source/CHANGES
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://secunia.com/advisories/34138
http://secunia.com/advisories/34202
http://secunia.com/advisories/34237
http://secunia.com/advisories/34251
http://secunia.com/advisories/34255
http://secunia.com/advisories/34259
http://secunia.com/advisories/34399
http://secunia.com/advisories/35766
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
http://support.apple.com/kb/HT4077
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
http://www.debian.org/security/2009/dsa-1738
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://www.securityfocus.com/archive/1/501757/100/0/threaded
http://www.securityfocus.com/archive/1/504849/100/0/threaded
http://www.securityfocus.com/bid/33962
http://www.securitytracker.com/id?1021783
http://www.ubuntu.com/usn/USN-726-1
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
http://www.vupen.com/english/advisories/2009/0581
http://www.vupen.com/english/advisories/2009/1865
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
http://curl.haxx.se/docs/adv_20090303.html
http://curl.haxx.se/lxr/source/CHANGES
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://secunia.com/advisories/34138
http://secunia.com/advisories/34202
http://secunia.com/advisories/34237
http://secunia.com/advisories/34251
http://secunia.com/advisories/34255
http://secunia.com/advisories/34259
http://secunia.com/advisories/34399
http://secunia.com/advisories/35766
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
http://support.apple.com/kb/HT4077
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
http://www.debian.org/security/2009/dsa-1738
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://www.securityfocus.com/archive/1/501757/100/0/threaded
http://www.securityfocus.com/archive/1/504849/100/0/threaded
http://www.securityfocus.com/bid/33962
http://www.securitytracker.com/id?1021783
http://www.ubuntu.com/usn/USN-726-1
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
http://www.vupen.com/english/advisories/2009/0581
http://www.vupen.com/english/advisories/2009/1865
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074