The redirect implementation in curl and libcurl 5.11 up to and including 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
curl curl 6.3.1 |
||
curl curl 6.4 |
||
curl curl 7.2 |
||
curl curl 7.3 |
||
curl curl 7.6 |
||
curl curl 7.6.1 |
||
curl curl 7.8.1 |
||
curl curl 7.8.2 |
||
curl curl 7.9.6 |
||
curl curl 7.9.7 |
||
curl curl 7.10.5 |
||
curl curl 7.10.6 |
||
curl curl 7.13.2 |
||
curl curl 7.14 |
||
curl curl 7.19.3 |
||
curl libcurl 7.12 |
||
curl libcurl 7.14.1 |
||
curl libcurl 7.15 |
||
curl libcurl 7.15.1 |
||
curl curl 6.5 |
||
curl curl 6.5.1 |
||
curl curl 7.4 |
||
curl curl 7.4.1 |
||
curl curl 7.7 |
||
curl curl 7.7.1 |
||
curl curl 7.9 |
||
curl curl 7.9.1 |
||
curl curl 7.9.8 |
||
curl curl 7.10 |
||
curl curl 7.10.7 |
||
curl curl 7.10.8 |
||
curl curl 7.11.1 |
||
curl curl 7.14.1 |
||
curl curl 7.15 |
||
curl libcurl 7.12.1 |
||
curl libcurl 7.12.2 |
||
curl libcurl 7.15.3 |
||
curl libcurl 7.16.3 |
||
curl curl 5.11 |
||
curl curl 6.0 |
||
curl curl 6.5.2 |
||
curl curl 7.1 |
||
curl curl 7.4.2 |
||
curl curl 7.5 |
||
curl curl 7.7.2 |
||
curl curl 7.7.3 |
||
curl curl 7.16.3 |
||
curl curl 7.9.2 |
||
curl curl 7.9.3 |
||
curl curl 7.10.1 |
||
curl curl 7.10.2 |
||
curl curl 7.12.1 |
||
curl curl 7.12 |
||
curl curl 7.15.1 |
||
curl curl 7.15.3 |
||
curl libcurl 7.12.3 |
||
curl libcurl 7.13.1 |
||
curl libcurl 5.11 |
||
curl libcurl 7.19.3 |
||
curl curl 6.1beta |
||
curl curl 6.2 |
||
curl curl 6.3 |
||
curl curl 7.1.1 |
||
curl curl 7.2.1 |
||
curl curl 7.5.1 |
||
curl curl 7.5.2 |
||
curl curl 7.16.4 |
||
curl curl 7.8 |
||
curl curl 7.9.4 |
||
curl curl 7.9.5 |
||
curl curl 7.10.3 |
||
curl curl 7.10.4 |
||
curl curl 7.12.2 |
||
curl curl 7.13 |
||
curl curl 7.17 |
||
curl curl 7.18 |
||
curl libcurl 7.13.2 |
||
curl libcurl 7.14 |
||
curl libcurl 7.15.2 |
||
curl libcurl 7.13 |