{"api_version":"1","generated_at":"2026-04-23T01:11:40+00:00","cve":"CVE-2009-0037","urls":{"html":"https://cve.report/CVE-2009-0037","api":"https://cve.report/api/cve/CVE-2009-0037.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0037","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0037"},"summary":{"title":"CVE-2009-0037","description":"The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.","state":"PUBLISHED","assigner":"redhat","published_at":"2009-03-05 02:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-352","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.ubuntu.com/usn/USN-726-1","name":"http://www.ubuntu.com/usn/USN-726-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-726-1: curl vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/33962","name":"http://www.securityfocus.com/bid/33962","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-0341.html","name":"http://www.redhat.com/support/errata/RHSA-2009-0341.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/504849/100/0/threaded","name":"http://www.securityfocus.com/archive/1/504849/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf","name":"http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49030","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49030","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2009/dsa-1738","name":"http://www.debian.org/security/2009/dsa-1738","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1738-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34259","name":"http://secunia.com/advisories/34259","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SUSE Update for Multiple Packages - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://curl.haxx.se/lxr/source/CHANGES","name":"http://curl.haxx.se/lxr/source/CHANGES","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"curl: page not found","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/34255","name":"http://secunia.com/advisories/34255","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rPath update for curl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/","name":"http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"With DK  » Blog Archive   » cURL/LibcURL Redirect Arbitrary File Access","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/0581","name":"http://www.vupen.com/english/advisories/2009/0581","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34251","name":"http://secunia.com/advisories/34251","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Slackware update for curl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.vmware.com/pipermail/security-announce/2009/000060.html","name":"http://lists.vmware.com/pipermail/security-announce/2009/000060.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Security-announce] VMSA-2009-0009 ESX Service Console updates for\tudev, sudo, and curl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1021783","name":"http://www.securitytracker.com/id?1021783","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"cURL/libcurl HTTP Redirect Processing May Let Remote Users Access Files - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35766","name":"http://secunia.com/advisories/35766","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware ESX Server update for udev, sudo, and curl - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34237","name":"http://secunia.com/advisories/34237","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian update for curl - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","name":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1865","name":"http://www.vupen.com/english/advisories/2009/1865","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2009-0009.html","name":"http://www.vmware.com/security/advisories/VMSA-2009-0009.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMSA-2009-0009","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.apple.com/kb/HT4077","name":"http://support.apple.com/kb/HT4077","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About the security content of Security Update 2010-002 / Mac OS X v10.6.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34202","name":"http://secunia.com/advisories/34202","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo update for curl - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042","name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories:rPSA-2009-0042 - rPath Wiki","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602","name":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"The Slackware Linux Project: Slackware Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34399","name":"http://secunia.com/advisories/34399","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for curl - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34138","name":"http://secunia.com/advisories/34138","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"cURL/libcURL \"Location:\" Redirect URLs Security Bypass - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/501757/100/0/threaded","name":"http://www.securityfocus.com/archive/1/501757/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://curl.haxx.se/docs/adv_20090303.html","name":"http://curl.haxx.se/docs/adv_20090303.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"cURL - Security Advisory (March 3, 2009)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:006","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200903-21.xml","name":"http://security.gentoo.org/glsa/glsa-200903-21.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  cURL: Arbitrary file access","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0037","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0037","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"5.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.1beta","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"6.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.10.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.12.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.13.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.14.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.15.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.16.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.16.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.19.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.7.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"curl","cpe6":"7.9.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"5.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.12.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.12.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.13.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.14.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.15.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.15.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.16.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"37","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"curl","cpe5":"libcurl","cpe6":"7.19.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:17:10.543Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"USN-726-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-726-1"},{"name":"34259","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34259"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://curl.haxx.se/lxr/source/CHANGES"},{"name":"35766","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35766"},{"name":"34255","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34255"},{"name":"RHSA-2009:0341","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2009-0341.html"},{"name":"DSA-1738","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2009/dsa-1738"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"},{"name":"curl-location-security-bypass(49030)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"},{"name":"ADV-2009-1865","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1865"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"},{"name":"SUSE-SR:2009:006","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"},{"name":"34138","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34138"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://curl.haxx.se/docs/adv_20090303.html"},{"name":"34202","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34202"},{"name":"20090312 rPSA-2009-0042-1 curl","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/501757/100/0/threaded"},{"name":"ADV-2009-0581","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/0581"},{"name":"SSA:2009-069-01","tags":["vendor-advisory","x_refsource_SLACKWARE","x_transferred"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602"},{"name":"[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.vmware.com/pipermail/security-announce/2009/000060.html"},{"name":"33962","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/33962"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.apple.com/kb/HT4077"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"},{"name":"oval:org.mitre.oval:def:11054","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"},{"name":"GLSA-200903-21","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200903-21.xml"},{"name":"oval:org.mitre.oval:def:6074","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"},{"name":"1021783","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1021783"},{"name":"34251","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34251"},{"name":"34399","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34399"},{"name":"20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/504849/100/0/threaded"},{"name":"34237","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34237"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0009.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-03-03T00:00:00.000Z","descriptions":[{"lang":"en","value":"The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"USN-726-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-726-1"},{"name":"34259","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34259"},{"tags":["x_refsource_CONFIRM"],"url":"http://curl.haxx.se/lxr/source/CHANGES"},{"name":"35766","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35766"},{"name":"34255","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34255"},{"name":"RHSA-2009:0341","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2009-0341.html"},{"name":"DSA-1738","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2009/dsa-1738"},{"tags":["x_refsource_MISC"],"url":"http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/"},{"name":"curl-location-security-bypass(49030)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49030"},{"name":"ADV-2009-1865","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1865"},{"name":"APPLE-SA-2010-03-29-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0042"},{"name":"SUSE-SR:2009:006","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"},{"name":"34138","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34138"},{"tags":["x_refsource_CONFIRM"],"url":"http://curl.haxx.se/docs/adv_20090303.html"},{"name":"34202","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34202"},{"name":"20090312 rPSA-2009-0042-1 curl","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/501757/100/0/threaded"},{"name":"ADV-2009-0581","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/0581"},{"name":"SSA:2009-069-01","tags":["vendor-advisory","x_refsource_SLACKWARE"],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602"},{"name":"[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.vmware.com/pipermail/security-announce/2009/000060.html"},{"name":"33962","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/33962"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.apple.com/kb/HT4077"},{"tags":["x_refsource_MISC"],"url":"http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf"},{"name":"oval:org.mitre.oval:def:11054","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054"},{"name":"GLSA-200903-21","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200903-21.xml"},{"name":"oval:org.mitre.oval:def:6074","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074"},{"name":"1021783","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1021783"},{"name":"34251","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34251"},{"name":"34399","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34399"},{"name":"20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/504849/100/0/threaded"},{"name":"34237","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34237"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2009-0009.html"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2009-0037","datePublished":"2009-03-05T02:00:00.000Z","dateReserved":"2008-12-15T00:00:00.000Z","dateUpdated":"2024-08-07T04:17:10.543Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-03-05 02:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-352","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:5.11:*:*:*:*:*:*:*","matchCriteriaId":"547AF432-EC84-4D3F-9A1A-9DDDE90FAA89"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.0:*:*:*:*:*:*:*","matchCriteriaId":"716A8128-1159-4E38-A35B-DB011915145B"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.1beta:*:*:*:*:*:*:*","matchCriteriaId":"21D0B74A-8656-486A-97D8-0FFA2B6E7577"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.2:*:*:*:*:*:*:*","matchCriteriaId":"CCFF7F97-FA48-43BF-BF90-180B9E9099AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.3:*:*:*:*:*:*:*","matchCriteriaId":"48753D9B-72A1-4F7C-A71E-AA502F5FA6AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.3.1:*:*:*:*:*:*:*","matchCriteriaId":"2F7F9940-212B-4AA8-B42F-6A8DDBA27652"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.4:*:*:*:*:*:*:*","matchCriteriaId":"8F9238EF-73A5-486E-94BD-3A411DFBE419"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.5:*:*:*:*:*:*:*","matchCriteriaId":"8FF49459-9F8D-4BF5-9F24-DCB256A72FCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.5.1:*:*:*:*:*:*:*","matchCriteriaId":"CA5A191C-D5AE-4A22-8D1A-38FBF5C24705"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:6.5.2:*:*:*:*:*:*:*","matchCriteriaId":"E7637717-CF5F-4AA4-9433-5C80C711D824"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3AC0FFDE-B7C6-47AD-8BED-181E10268643"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DAAA0E96-283D-4590-BE3C-76D0A222EB06"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.2:*:*:*:*:*:*:*","matchCriteriaId":"74325BB1-54AE-40BC-81C0-AD07CE6BBDCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1A980CED-EB95-4997-BE4C-56EF96A14471"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8D83D9F-242B-4689-91EF-64A56C769C36"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.4:*:*:*:*:*:*:*","matchCriteriaId":"17FA67F8-137F-4778-A6B6-A6EF59C2271B"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"49F84D43-1CE6-452D-A819-44C7CCBCB8C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"95EE97A0-420F-4FB7-89CF-2E8064D7E0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.5:*:*:*:*:*:*:*","matchCriteriaId":"9DE2E637-D0CA-4B2E-8386-EF2892E5E074"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.5.1:*:*:*:*:*:*:*","matchCriteriaId":"2A6DC7AC-CF08-4E45-AA75-2BABF59D960B"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.5.2:*:*:*:*:*:*:*","matchCriteriaId":"7CB3A5AE-F854-483C-A6DA-02F811F2F6B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.6:*:*:*:*:*:*:*","matchCriteriaId":"D20FA870-2B29-4CFE-ABD1-62DB4E165B41"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.6.1:*:*:*:*:*:*:*","matchCriteriaId":"8019F384-E7EA-4E4D-8E09-4A1FDDB3849B"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.7:*:*:*:*:*:*:*","matchCriteriaId":"37105953-D573-4191-BB96-758F6AFD882C"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.7.1:*:*:*:*:*:*:*","matchCriteriaId":"35898A38-91F6-4C77-ACFD-70E1380AEF35"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.7.2:*:*:*:*:*:*:*","matchCriteriaId":"6E3545C6-934D-4C55-B285-DB44783E0907"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.7.3:*:*:*:*:*:*:*","matchCriteriaId":"7F5AC6F4-443D-4EB6-83E7-4F193BCC1D0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.8:*:*:*:*:*:*:*","matchCriteriaId":"2BC29408-D7CE-496B-AB2C-783EE40BCC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.8.1:*:*:*:*:*:*:*","matchCriteriaId":"DEC171D9-5418-4C66-BBDA-ABFD978CF113"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.8.2:*:*:*:*:*:*:*","matchCriteriaId":"3CD68B6D-72AB-4A61-9528-8631B147A3DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9:*:*:*:*:*:*:*","matchCriteriaId":"97233341-471B-4B59-95ED-F376460370AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.1:*:*:*:*:*:*:*","matchCriteriaId":"A0080682-F304-45BE-A13B-C75C48245E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.2:*:*:*:*:*:*:*","matchCriteriaId":"46D90019-9713-46CB-90F5-CF6F016AE1D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.3:*:*:*:*:*:*:*","matchCriteriaId":"FE6D2C32-ADA4-4859-A30F-7B910D96F02A"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.4:*:*:*:*:*:*:*","matchCriteriaId":"7CDA26B4-A6F6-41B4-A592-C9AF101C5A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.5:*:*:*:*:*:*:*","matchCriteriaId":"87392CA8-DA66-4E55-9EDA-A85DC6AA253A"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.6:*:*:*:*:*:*:*","matchCriteriaId":"DFFBF583-CE6A-4670-B196-3EEA7B4389BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.7:*:*:*:*:*:*:*","matchCriteriaId":"75DFDCF3-FBC3-4231-9915-2D4A7853C1E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.9.8:*:*:*:*:*:*:*","matchCriteriaId":"D2669757-AA52-4C71-96E4-8A32883574D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10:*:*:*:*:*:*:*","matchCriteriaId":"8777B0FB-8BFB-4D98-A4C2-E60807CF0C5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.1:*:*:*:*:*:*:*","matchCriteriaId":"19C0BD35-0B32-46B8-A442-2FEA4762523F"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.2:*:*:*:*:*:*:*","matchCriteriaId":"8A9FFE5B-34E9-47FF-975C-ADC315E7C1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.3:*:*:*:*:*:*:*","matchCriteriaId":"E262EDF2-E490-48F1-B277-844C14CD7361"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.4:*:*:*:*:*:*:*","matchCriteriaId":"D1B1C3BA-BAC3-4424-9523-BCDC373E8EC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.5:*:*:*:*:*:*:*","matchCriteriaId":"96B0B2AA-4FD6-4376-A239-00E9431C9F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.6:*:*:*:*:*:*:*","matchCriteriaId":"21A11159-1757-404E-AA07-DD865DCDEF8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.7:*:*:*:*:*:*:*","matchCriteriaId":"7E300177-087D-4103-9092-FF6A4052EA30"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.10.8:*:*:*:*:*:*:*","matchCriteriaId":"2D5D1EA8-D015-49F2-B134-C665969F0276"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.11.1:*:*:*:*:*:*:*","matchCriteriaId":"1CC24D6B-E3E4-4C07-9C4E-3748FDE300EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.12:*:*:*:*:*:*:*","matchCriteriaId":"FAE6AD55-E3D2-46FD-8EFF-595EEF3B6F0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.12.1:*:*:*:*:*:*:*","matchCriteriaId":"4848C3C8-432D-43E7-B0D9-8FD69D4C3B0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.12.2:*:*:*:*:*:*:*","matchCriteriaId":"A0A7BE71-D4FB-42FF-8ED4-BA5A81BE8720"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.13:*:*:*:*:*:*:*","matchCriteriaId":"D020D95D-CD04-48A5-9488-1C6E7F69ED8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.13.2:*:*:*:*:*:*:*","matchCriteriaId":"B2458D0E-66F7-484C-9989-308530AE766D"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.14:*:*:*:*:*:*:*","matchCriteriaId":"80B2D97A-083B-4DEB-A02E-124F36838130"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.14.1:*:*:*:*:*:*:*","matchCriteriaId":"EAF7D32E-D07A-478E-96E7-0302B6118B3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.15:*:*:*:*:*:*:*","matchCriteriaId":"3D46E759-3E26-41AC-BF71-A0450CBF54FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.15.1:*:*:*:*:*:*:*","matchCriteriaId":"61CA2263-4478-477A-86C4-6CCCC36F3EBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.15.3:*:*:*:*:*:*:*","matchCriteriaId":"B0401FA1-CF19-4BBA-B61B-263CFBA92B71"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.16.3:*:*:*:*:*:*:*","matchCriteriaId":"3A28049D-C8AF-42D0-A294-851854A66516"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.16.4:*:*:*:*:*:*:*","matchCriteriaId":"F19EC641-0BC7-486B-A7B7-2C0264BC2DAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.17:*:*:*:*:*:*:*","matchCriteriaId":"24C045C9-332E-4277-9167-F25D7F62F702"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.18:*:*:*:*:*:*:*","matchCriteriaId":"262827E1-A139-46E2-B44D-46CC40E8E33B"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:curl:7.19.3:*:*:*:*:*:*:*","matchCriteriaId":"67B81B43-895A-4FD4-A274-CA762C73DCA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:5.11:*:*:*:*:*:*:*","matchCriteriaId":"339F2D11-27F1-42A8-A780-8D0DAFB168C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*","matchCriteriaId":"3DEC85E8-5555-46A9-9A95-30E1497AFA09"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*","matchCriteriaId":"03060364-7DCD-4111-BF7A-BEF6AFCB3134"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*","matchCriteriaId":"319DADFB-081B-46AA-9F7D-DD4D1C5BE26D"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*","matchCriteriaId":"3D9C6906-5FBD-4736-87B6-720E288E394A"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*","matchCriteriaId":"4931FF86-51B6-470A-A2E0-A1B0942D1CF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*","matchCriteriaId":"FA9DA33F-A33E-483E-AE4D-4422D62C02E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*","matchCriteriaId":"F5028DB2-87D5-4AD8-87D4-325C519D6CD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*","matchCriteriaId":"E992CDB0-A787-4F7E-AC55-13FE7C68A1D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*","matchCriteriaId":"808143C5-108B-45BE-B626-A44F9F956018"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*","matchCriteriaId":"8EBBB3F1-98BD-40D1-B09F-1924D567625A"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*","matchCriteriaId":"88D5DAE5-ABEA-4FF1-836C-BA4741F13323"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*","matchCriteriaId":"7E15191F-D4E6-425C-81BE-2CD55A815B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*","matchCriteriaId":"0407CCC0-ACAA-4B2A-99A5-DA57791057B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*","matchCriteriaId":"248D86F7-A8E5-448D-A55A-C05278BB9822"},{"vulnerable":true,"criteria":"cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*","matchCriteriaId":"EBACF741-C988-4800-A9FF-E4836A1EE4E8"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"37","Ordinal":"1","Title":"CVE-2009-0037","CVE":"CVE-2009-0037","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"37","Ordinal":"1","NoteData":"The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.","Type":"Description","Title":"CVE-2009-0037"},{"CveYear":"2009","CveId":"37","Ordinal":"2","NoteData":"2009-03-04","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"37","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}