CVE-2009-0037 : Dettaglio

CVE-2009-0037

Cross-Site Request Forgery - CSRF
A01-Broken Access Control
9.54%V4
Network
2009-03-05
02h00 +00:00
2024-08-07
04h17 +00:00
CVE.org
NVD
Notifiche per una CVE specifica
Rimani informato su qualsiasi modifica relativa a una CVE specifica.
Gestione notifiche

Descrizioni CVE

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

Informazioni CVE

Vulnerabilità correlate

CWE-ID Nome della vulnerabilità Source
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Metriche

Metriche Punteggio Gravità CVSS Vettore Source
V2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS è un modello di punteggio che prevede la probabilità che una vulnerabilità venga sfruttata.

Punteggio EPSS

Il modello EPSS produce un punteggio di probabilità compreso tra 0 e 1 (da 0 a 100%). Più alto è il punteggio, maggiore è la probabilità che una vulnerabilità venga sfruttata.

Percentile EPSS

Il percentile viene utilizzato per classificare le CVE in base al loro punteggio EPSS. Ad esempio, una CVE al 95° percentile secondo il suo punteggio EPSS ha una probabilità maggiore di essere sfruttata rispetto al 95% delle altre CVE. Il percentile consente quindi di confrontare il punteggio EPSS di una CVE con quello delle altre.
EPSS First.org

Informazioni sull'exploit

Exploit Database EDB-ID : 32834

Data di pubblicazione : 2009-03-02 23h00 +00:00
Autore : David Kierznowski
Verificato EDB : Yes

Products Mentioned

Configuraton 0

Curl>>Curl >> Version 5.11

Curl>>Curl >> Version 6.0

Curl>>Curl >> Version 6.1beta

Curl>>Curl >> Version 6.2

Curl>>Curl >> Version 6.3

Curl>>Curl >> Version 6.3.1

Curl>>Curl >> Version 6.4

Curl>>Curl >> Version 6.5

Curl>>Curl >> Version 6.5.1

Curl>>Curl >> Version 6.5.2

Curl>>Curl >> Version 7.1

Curl>>Curl >> Version 7.1.1

Curl>>Curl >> Version 7.2

Curl>>Curl >> Version 7.2.1

Curl>>Curl >> Version 7.3

Curl>>Curl >> Version 7.4

Curl>>Curl >> Version 7.4.1

Curl>>Curl >> Version 7.4.2

Curl>>Curl >> Version 7.5

Curl>>Curl >> Version 7.5.1

Curl>>Curl >> Version 7.5.2

Curl>>Curl >> Version 7.6

Curl>>Curl >> Version 7.6.1

Curl>>Curl >> Version 7.7

Curl>>Curl >> Version 7.7.1

Curl>>Curl >> Version 7.7.2

Curl>>Curl >> Version 7.7.3

Curl>>Curl >> Version 7.8

Curl>>Curl >> Version 7.8.1

Curl>>Curl >> Version 7.8.2

Curl>>Curl >> Version 7.9

Curl>>Curl >> Version 7.9.1

Curl>>Curl >> Version 7.9.2

Curl>>Curl >> Version 7.9.3

Curl>>Curl >> Version 7.9.4

Curl>>Curl >> Version 7.9.5

Curl>>Curl >> Version 7.9.6

Curl>>Curl >> Version 7.9.7

Curl>>Curl >> Version 7.9.8

Curl>>Curl >> Version 7.10

Curl>>Curl >> Version 7.10.1

Curl>>Curl >> Version 7.10.2

Curl>>Curl >> Version 7.10.3

Curl>>Curl >> Version 7.10.4

Curl>>Curl >> Version 7.10.5

Curl>>Curl >> Version 7.10.6

Curl>>Curl >> Version 7.10.7

Curl>>Curl >> Version 7.10.8

Curl>>Curl >> Version 7.11.1

Curl>>Curl >> Version 7.12

Curl>>Curl >> Version 7.12.1

Curl>>Curl >> Version 7.12.2

Curl>>Curl >> Version 7.13

Curl>>Curl >> Version 7.13.2

Curl>>Curl >> Version 7.14

Curl>>Curl >> Version 7.14.1

Curl>>Curl >> Version 7.15

Curl>>Curl >> Version 7.15.1

Curl>>Curl >> Version 7.15.3

Curl>>Curl >> Version 7.16.3

Curl>>Curl >> Version 7.16.4

Curl>>Curl >> Version 7.17

Curl>>Curl >> Version 7.18

Curl>>Curl >> Version 7.19.3

Curl>>Libcurl >> Version 5.11

Curl>>Libcurl >> Version 7.12

Curl>>Libcurl >> Version 7.12.1

Curl>>Libcurl >> Version 7.12.2

Curl>>Libcurl >> Version 7.12.3

Curl>>Libcurl >> Version 7.13

Curl>>Libcurl >> Version 7.13.1

Curl>>Libcurl >> Version 7.13.2

Curl>>Libcurl >> Version 7.14

Curl>>Libcurl >> Version 7.14.1

Curl>>Libcurl >> Version 7.15

Curl>>Libcurl >> Version 7.15.1

Curl>>Libcurl >> Version 7.15.2

Curl>>Libcurl >> Version 7.15.3

Curl>>Libcurl >> Version 7.16.3

Curl>>Libcurl >> Version 7.19.3

Riferimenti

http://www.ubuntu.com/usn/USN-726-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/34259
Tags : third-party-advisory, x_refsource_SECUNIA
http://curl.haxx.se/lxr/source/CHANGES
Tags : x_refsource_CONFIRM
http://secunia.com/advisories/35766
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34255
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0341.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2009/dsa-1738
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2009/1865
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/34138
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34202
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0581
Tags : vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/33962
Tags : vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT4077
Tags : x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200903-21.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id?1021783
Tags : vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/34251
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34399
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34237
Tags : third-party-advisory, x_refsource_SECUNIA
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.