CVE-2009-0037

CVSS V2 Medium 6.8 CVSS V3 None

Description

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Overview

CVE ID
CVE-2009-0037

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2009-03-05T02:30:00

Last Modified Date
2018-10-11T20:59:14

Weakness Enumerations

CWE	URL
CWE-352	http://cwe.mitre.org/data/definitions/352.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:curl:curl:5.11:::::::*	1	OR
cpe:2.3:a:curl:curl:6.0:::::::*	1	OR
cpe:2.3:a:curl:curl:6.1beta:::::::*	1	OR
cpe:2.3:a:curl:curl:6.2:::::::*	1	OR
cpe:2.3:a:curl:curl:6.3:::::::*	1	OR
cpe:2.3:a:curl:curl:6.3.1:::::::*	1	OR
cpe:2.3:a:curl:curl:6.4:::::::*	1	OR
cpe:2.3:a:curl:curl:6.5:::::::*	1	OR
cpe:2.3:a:curl:curl:6.5.1:::::::*	1	OR
cpe:2.3:a:curl:curl:6.5.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.1.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.2.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.3:::::::*	1	OR
cpe:2.3:a:curl:curl:7.4:::::::*	1	OR
cpe:2.3:a:curl:curl:7.4.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.4.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.5:::::::*	1	OR
cpe:2.3:a:curl:curl:7.5.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.5.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.6:::::::*	1	OR
cpe:2.3:a:curl:curl:7.6.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.7:::::::*	1	OR
cpe:2.3:a:curl:curl:7.7.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.7.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.7.3:::::::*	1	OR
cpe:2.3:a:curl:curl:7.8:::::::*	1	OR
cpe:2.3:a:curl:curl:7.8.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.8.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.3:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.4:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.5:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.6:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.7:::::::*	1	OR
cpe:2.3:a:curl:curl:7.9.8:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.3:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.4:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.5:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.6:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.7:::::::*	1	OR
cpe:2.3:a:curl:curl:7.10.8:::::::*	1	OR
cpe:2.3:a:curl:curl:7.11.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.12:::::::*	1	OR
cpe:2.3:a:curl:curl:7.12.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.12.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.13:::::::*	1	OR
cpe:2.3:a:curl:curl:7.13.2:::::::*	1	OR
cpe:2.3:a:curl:curl:7.14:::::::*	1	OR
cpe:2.3:a:curl:curl:7.14.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.15:::::::*	1	OR
cpe:2.3:a:curl:curl:7.15.1:::::::*	1	OR
cpe:2.3:a:curl:curl:7.15.3:::::::*	1	OR
cpe:2.3:a:curl:curl:7.16.3:::::::*	1	OR
cpe:2.3:a:curl:curl:7.16.4:::::::*	1	OR
cpe:2.3:a:curl:curl:7.17:::::::*	1	OR
cpe:2.3:a:curl:curl:7.18:::::::*	1	OR
cpe:2.3:a:curl:curl:7.19.3:::::::*	1	OR
cpe:2.3:a:curl:libcurl:5.11:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.12:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.12.1:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.12.2:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.12.3:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.13:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.13.1:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.13.2:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.14:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.14.1:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.15:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.15.1:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.15.2:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.15.3:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.16.3:::::::*	1	OR
cpe:2.3:a:curl:libcurl:7.19.3:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6.8

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
6.4

References

Reference URL	Reference Tags
http://secunia.com/advisories/34138	Vendor Advisory
http://www.securityfocus.com/bid/33962	Exploit Patch
http://www.ubuntu.com/usn/USN-726-1
http://curl.haxx.se/docs/adv_20090303.html	Patch Vendor Advisory
http://curl.haxx.se/lxr/source/CHANGES	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/0581	Patch Vendor Advisory
http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/
http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602
http://secunia.com/advisories/34237
http://secunia.com/advisories/34202
http://security.gentoo.org/glsa/glsa-200903-21.xml
http://secunia.com/advisories/34255
http://secunia.com/advisories/34259
http://www.debian.org/security/2009/dsa-1738
http://secunia.com/advisories/34251
http://secunia.com/advisories/34399
http://www.redhat.com/support/errata/RHSA-2009-0341.html
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
http://www.vupen.com/english/advisories/2009/1865
http://secunia.com/advisories/35766
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://www.securitytracker.com/id?1021783
https://exchange.xforce.ibmcloud.com/vulnerabilities/49030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054
http://www.securityfocus.com/archive/1/504849/100/0/threaded
http://www.securityfocus.com/archive/1/501757/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2009-0037
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:26:48				Added to TrackCVE