LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

curl: information disclosure

Package(s):curl CVE #(s):CVE-2009-0037
Created:March 4, 2009 Updated:March 19, 2009
Description: The curl utility does not enforce any restrictions when following HTTP redirects. A malicious server could thus create a redirect which would provide access to arbitrary files on the local system.
Alerts:
CentOS CESA-2009:0341 2009-03-19
Red Hat RHSA-2009:0341-01 2009-03-19
rPath rPSA-2009-0042-1 2009-03-12
Debian DSA-1738-1 2009-03-11
Slackware SSA:2009-069-01 2009-03-11
Gentoo 200903-21 2009-03-09
SuSE SUSE-SR:2009:006 2009-03-10
Mandriva MDVSA-2009:069 2009-03-06
Fedora FEDORA-2009-2265 2009-03-03
Fedora FEDORA-2009-2247 2009-03-03
Ubuntu USN-726-2 2009-03-04
Ubuntu USN-726-1 2009-03-03
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds