FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Affected packages
5.11 <= curl < 7.19.4


VuXML ID 5d433534-f41c-402e-ade5-e0a2259a7cb6
Discovery 2009-03-03
Entry 2009-03-04

Secunia reports:

The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially crafted redirect URLs.


CVE Name CVE-2009-0037