CVE-2009-0037: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might…

CVE-2009-0037 [MEDIUM] CWE-352 GHSA-jr23-52fg-m7rm: The redirect implementation in curl and libcurl 5 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

CVE-2009-0037 [MEDIUM] CVE-2009-0037: The redirect implementation in curl and libcurl 5 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

CVE-2009-0034 [HIGH] ESX Service Console updates for udev, sudo, and curl VMSA-2009-0009: ESX Service Console updates for udev, sudo, and curl a. Service Console package udev A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1185 to this issue. Please see http://kb.vmware.com/kb/1011786 for details. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Product Version Running on Replace with/ Apply Patch VMware Product VirtualCenter Product Version any Running on Windows Replace with/ Apply Patch not affected VMware Product hosted * Product Version any Runn

CVE-2009-0037 [MEDIUM] curl: local file access via unsafe redirects curl: local file access via unsafe redirects The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

CVE-2009-0037 curl vulnerability Title: curl vulnerability Summary: curl vulnerability It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to abitrary files. This update changes curl behavior to prevent following "file" URLs after a redirect. Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.

CVE-2009-0037 [MEDIUM] CVE-2009-0037: curl - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOP... The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. Scope: local bookworm: resolved (fixed in 7.18.2-8.1) bullseye: resolved (fixed in 7.18.2-8.1) forky: resolved (fixed in 7.18.2-8.1) sid: resolved (fixed in 7.18.2-8.1) trixie: resolved (fixed in 7.18.2-8.1)

CVE-2009-0037 cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass --- source: https://www.securityfocus.com/bid/33962/info cURL/libcURL is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks. This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may also be vulnerable. The following example redirection request may be used to carry out this attack: Location: scp://name:passwd@host/a'``;date >/tmp/test``;'

CVE-2009-3956 [CRITICAL] CVE-2009-3956 acroread: script injection vulnerability (APSB10-02) CVE-2009-3956 acroread: script injection vulnerability (APSB10-02) Adobe Security Bulletin for Adobe Reader and Acrobat APSB10-02 fixes following security flaw: This update mitigates a script injection vulnerability by changing the Enhanced Security default (CVE-2009-3956). Discussion: Public now via: http://www.adobe.com/support/security/bulletins/apsb10-02.html --- This issue has been addressed in following products: Extras for Red Hat Enterprise Linux 5 Via RHSA-2010:0037 https://rhn.redhat.com/errata/RHSA-2010-0037.html --- This issue has been addressed in following products: Extras for RHEL 4 Via RHSA-2010:0038 https://rhn.redhat.com/errata/RHSA-2010-0038.html --- This issue has been addressed in following products: Extras for RHEL 3 Via RHSA-2010:0060 https://rhn.redh

CVE-2009-0037 [MEDIUM] CVE-2009-0037 curl: local file access via unsafe redirects CVE-2009-0037 curl: local file access via unsafe redirects When handling automatic redirects, libcurl does not differentiate between different target URLS, and will follow to any new URL that it understands. This includes the "file://" URL type, so a remote server can force a local libcurl-using application to read a local file instead of the remote one. This can lead to these applications exposing local files they are not meant to expose. Discussion: This issue affects RHEL2.1, RHEL3, RHEL4, RHEL5, Fedora 9, and Fedora 10. Affected versions: curl and libcurl 5.11(!) to and including 7.19.3 Not affected versions: curl and libcurl 5.10 and earlier, 7.19.4 and later --- Patch backports for various curl versions: CVS HEAD: http://curl.haxx.se/CVE-2009-0037/curl-CVSHEAD-CVE-2009-0037.pa