CVE-2009-0037

Publication date 5 March 2009

Last updated 24 July 2024


Ubuntu priority

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
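The scheme check a client can apply to each Location value before following it, covering cases (2) and (3) above, as an added example in C that is not curl's own code; the http/https allowlist and the function names are assumptions of this example. Case (1) depends on the target host rather than the scheme and is not addressed here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy for this example: redirects may only use these schemes. */
static const char *const ALLOWED[] = { "http", "https" };

/* Length of the RFC 3986 scheme that starts `url`, or 0 when `url` is a
 * relative reference (no scheme before the first ':'). */
static size_t scheme_len(const char *url)
{
    size_t i = 0;
    if (!isalpha((unsigned char)url[0]))
        return 0;
    while (isalnum((unsigned char)url[i]) || url[i] == '+' ||
           url[i] == '-' || url[i] == '.')
        i++;
    return url[i] == ':' ? i : 0;
}

/* Return 1 if the Location value may be followed, 0 if it must be refused. */
int redirect_allowed(const char *location)
{
    while (*location == ' ' || *location == '\t')
        location++;                     /* tolerate leading whitespace */
    if (*location == '\0')
        return 0;                       /* empty target: nothing to follow */
    size_t n = scheme_len(location);
    if (n == 0)
        return 1;   /* relative reference keeps the original http(s) scheme */
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        size_t j = 0;
        while (j < n && ALLOWED[i][j] != '\0' &&
               tolower((unsigned char)location[j]) == ALLOWED[i][j])
            j++;
        if (j == n && ALLOWED[i][j] == '\0')
            return 1;                   /* case-insensitive exact match */
    }
    return 0;
}

int main(void)
{
    /* Constructed Location values, not taken from the advisory. */
    const char *s[] = { "https://example.com/a", "/login",
                        "FILE:///tmp/example", "scp://host.example/x" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s %s\n", s[i], redirect_allowed(s[i]) ? "follow" : "refuse");
    return 0;
}
```

Applications built on libcurl can express the same policy with the CURLOPT_REDIR_PROTOCOLS option in versions that provide it.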

Status

Package   Ubuntu Release     Status
curl      8.10 intrepid      Fixed 7.18.2-1ubuntu4.1
curl      8.04 LTS hardy     Fixed 7.18.0-1ubuntu2.1
curl      7.10 gutsy         Fixed 7.16.4-2ubuntu1.1
curl      6.06 LTS dapper    Fixed 7.15.1-1ubuntu3.1
