Lucene search
K

2975 matches found

Prion
Prion
added 2009/08/14 3:16 p.m.23 views

Design/Logic Flaw

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

7.5CVSS8.9AI score0.05741EPSS
Exploits4References28Affected Software1
Cvelist
Cvelist
added 2009/08/14 3:0 p.m.37 views

CVE-2009-2417

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

6.3AI score0.03602EPSS
Exploits0References28
Debian CVE
Debian CVE
added 2009/08/14 3:0 p.m.30 views

CVE-2009-2417

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

7.5CVSS5.3AI score0.03602EPSS
Exploits0
CVE
CVE
added 2009/08/14 3:0 p.m.110 views

CVE-2009-2417

CVE-2009-2417 affects lib/ssluse.c in curl/libcurl 7.4–7.19.5 when OpenSSL is used. The flaw is that a '�' character in the X.509 certificate CN may bypass domain-name checks, enabling MITM spoofing of SSL servers via certificates from a trusted CA. Impact and exploitability are described in the ...

7.5CVSS6.1AI score0.03602EPSS
Exploits0References28Affected Software2
Cent OS
Cent OS
added 2009/08/14 2:34 a.m.65 views

curl security update

CentOS Errata and Security Advisory CESA-2009:1209 Updated curl packages that fix security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from...

7.5CVSS6AI score0.03602EPSS
Exploits0References8
seebug.org
seebug.org
added 2009/04/13 12:0 a.m.17 views

PHP cURL safe_mode和open_basedir绕过安全限制漏洞

BUGTRAQ ID: 34475 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP支持libcurl库,用户可以使用各种类型的协议连接到不同类型的服务器。curl函数在检查safemode和openbasedir限制时存在漏洞,可能允许用户绕过安全限制执行非授权操作。例如对于以下代码: curlsetopt$ch, CURLOPTURL, "file:file:////etc/passwd"; curl首先对以下内容检查safemode和openbasedir: "file:////etc/passwd" 接下来读取:...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2009/04/12 12:0 a.m.83 views

PHP 5.2.9 curl safe_mode & open_basedir bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.9 curl safemode & openbasedir bypass Author: Maksymilian Arciemowicz http://SecurityReason.com Date: - - Dis.: 31.12.2008 - - Pub.: 10.04.2009 Original URL: http://securityreason.com/achievementsecurityalert/61 - --- 0.Description --- PHP is a...

7.1AI score
Exploits0
Cent OS
Cent OS
added 2009/03/24 4:11 a.m.70 views

curl security update

CentOS Errata and Security Advisory CESA-2009:0341-01 Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting...

6.8CVSS6.7AI score0.07812EPSS
Exploits2References8
OpenVAS
OpenVAS
added 2009/03/20 12:0 a.m.20 views

Debian Security Advisory DSA 1738-1 (curl)

The remote host is missing an update to curl announced via advisory DSA 1738-1. OpenVAS Vulnerability Test $Id: deb17381.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1738-1 curl Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

6.8CVSS0.07812EPSS
Exploits2
OpenVAS
OpenVAS
added 2009/03/20 12:0 a.m.19 views

RedHat Security Advisory RHSA-2009:0341

The remote host is missing updates announced in advisory RHSA-2009:0341. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski...

6.8CVSS7.8AI score0.07812EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2009/03/20 12:0 a.m.21 views

RedHat Security Advisory RHSA-2009:0341

The remote host is missing updates announced in advisory RHSA-2009:0341. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski...

6.8CVSS8.2AI score0.07812EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2009/03/20 12:0 a.m.25 views

RHEL 2.1 / 3 / 4 / 5 : curl (RHSA-2009:0341)

Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers,...

6.8CVSS7AI score0.07812EPSS
Exploits2References3
Cent OS
Cent OS
added 2009/03/19 4:55 p.m.60 views

curl security update

CentOS Errata and Security Advisory CESA-2009:0341 Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. cURL is a tool for getting files...

6.8CVSS6.7AI score0.07812EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2009/03/19 3:30 p.m.4 views

curl: local file access via unsafe redirects

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS6.9AI score0.07812EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2009/03/19 12:0 a.m.24 views

Debian: Security Advisory (DSA-1738-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.9AI score0.07812EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2009/03/12 12:0 a.m.29 views

Debian DSA-1738-1 : curl - arbitrary file access

David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to...

6.8CVSS7.4AI score0.07812EPSS
Exploits2References3
OSV
OSV
added 2009/03/11 12:0 a.m.8 views

DSA-1738-1 curl - arbitrary file access

Bulletin has no description...

6.8CVSS6.3AI score0.07812EPSS
Exploits2
NVD
NVD
added 2009/03/05 2:30 a.m.17 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7AI score0.07812EPSS
Exploits2References32
Prion
Prion
added 2009/03/05 2:30 a.m.15 views

Design/Logic Flaw

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.7AI score0.07812EPSS
Exploits2References32Affected Software2
UbuntuCve
UbuntuCve
added 2009/03/05 2:30 a.m.33 views

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.1AI score0.07812EPSS
Exploits2References2
Rows per page
Query Builder