Summary
Detail | | | |
---|---|---|---|
Vendor | Curl | First view | 2009-03-04 |
Product | Libcurl | Last view | 2010-03-19 |
Version | 7.13 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:curl:libcurl | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
6.8 | 2010-03-19 | CVE-2010-0734 | content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. |
7.5 | 2009-08-14 | CVE-2009-2417 | lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
6.8 | 2009-03-04 | CVE-2009-0037 | The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
33% (1) | CWE-310 | Cryptographic Issues |
33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
62882 | SSH Tectia Audit Player Location: Redirect URL Handling Privilege Escalation |
62879 | SSH Tectia Audit Player X.509 Certificate Authority (CA) Common Name Null Byt... |
62217 | cURL / libcURL Compressed HTTP Content Registered Callback Overflow |
56994 | cURL/libcURL w/ OpenSSL X.509 Certificate Authority (CA) Common Name Null Byt... |
53572 | cURL/libcURL Location: Redirect URL Handling Privilege Escalation |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-02 (cURL) File : nvt/glsa_201203_02.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:1209 centos5 i386 File : nvt/gb_CESA-2009_1209_curl_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:1209 centos3 i386 File : nvt/gb_CESA-2009_1209_curl_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:0341 centos4 i386 File : nvt/gb_CESA-2009_0341_curl_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:0341 centos3 i386 File : nvt/gb_CESA-2009_0341_curl_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for curl CESA-2009:0341-01 centos2 i386 File : nvt/gb_CESA-2009_0341-01_curl_centos2_i386.nasl |
2011-06-24 | Name : Ubuntu Update for curl USN-1158-1 File : nvt/gb_ubuntu_USN_1158_1.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-21 | Name : FreeBSD Ports: curl File : nvt/freebsd_curl3.nasl |
2010-04-09 | Name : CentOS Update for curl CESA-2010:0329 centos3 i386 File : nvt/gb_CESA-2010_0329_curl_centos3_i386.nasl |
2010-04-09 | Name : CentOS Update for curl CESA-2010:0329 centos4 i386 File : nvt/gb_CESA-2010_0329_curl_centos4_i386.nasl |
2010-04-06 | Name : Debian Security Advisory DSA 2023-1 (curl) File : nvt/deb_2023_1.nasl |
2010-04-06 | Name : RedHat Update for curl RHSA-2010:0273-05 File : nvt/gb_RHSA-2010_0273-05_curl.nasl |
2010-04-06 | Name : RedHat Update for curl RHSA-2010:0329-01 File : nvt/gb_RHSA-2010_0329-01_curl.nasl |
2010-03-22 | Name : Mandriva Update for curl MDVSA-2010:062 (curl) File : nvt/gb_mandriva_MDVSA_2010_062.nasl |
2010-03-22 | Name : Fedora Update for curl FEDORA-2010-2720 File : nvt/gb_fedora_2010_2720_curl_fc11.nasl |
2010-03-12 | Name : Fedora Update for curl FEDORA-2010-2762 File : nvt/gb_fedora_2010_2762_curl_fc12.nasl |
2010-02-19 | Name : Mandriva Update for drakxtools MDVA-2010:062 (drakxtools) File : nvt/gb_mandriva_MDVA_2010_062.nasl |
2010-02-19 | Name : Mandriva Update for drakxtools MDVA-2010:062-1 (drakxtools) File : nvt/gb_mandriva_MDVA_2010_062_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:203-1 (curl) File : nvt/mdksa_2009_203_1.nasl |
2009-10-13 | Name : SLES10: Security update for curl File : nvt/sles10_curl0.nasl |
2009-10-13 | Name : SLES10: Security update for curl File : nvt/sles10_curl.nasl |
2009-10-13 | Name : SLES10: Security update for GnuTLS File : nvt/sles10_gnutls.nasl |
2009-10-13 | Name : SLES10: Security update for compat-curl2 File : nvt/sles10_compat-curl2.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name: The remote VMware ESX host is missing a security-related patch. File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO |
2016-03-03 | Name: The remote host is missing a security-related patch. File: vmware_VMSA-2009-0009_remote.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2009-0019.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0329.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1209.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-0341.nasl - Type: ACT_GATHER_INFO |
2013-03-06 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090813_curl_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090813_curl_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090319_curl_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090813_curl_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100330_curl_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100330_curl_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20100330_curl_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-04-20 | Name: The remote web server is affected by multiple vulnerabilities. File: hpsmh_7_0_0_24.nasl - Type: ACT_GATHER_INFO |
2012-03-06 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201203-02.nasl - Type: ACT_GATHER_INFO |
2011-06-24 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1158-1.nasl - Type: ACT_GATHER_INFO |
2011-02-17 | Name: The remote VMware ESX host is missing one or more security-related patches. File: vmware_VMSA-2009-0009.nasl - Type: ACT_GATHER_INFO |
2011-02-14 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2011-0003.nasl - Type: ACT_GATHER_INFO |
2010-10-04 | Name: The remote VMware ESX host is missing one or more security-related patches. File: vmware_VMSA-2010-0015.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-2720.nasl - Type: ACT_GATHER_INFO |
2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-2762.nasl - Type: ACT_GATHER_INFO |
2010-06-15 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd2010-004.nasl - Type: ACT_GATHER_INFO |
2010-06-15 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_6_4.nasl - Type: ACT_GATHER_INFO |