8 matches found

Hacker One
added 2025/11/01 8:40 p.m. · 23 views

curl: Directory Traversal Vulnerability in cURL via Content-Disposition Header Processing

Vulnerability Description: The parse_filename function in src/tool_cb_hdr.c does not adequately validate and sanitize filenames extracted from HTTP Content-Disposition headers, allowing directory traversal attacks when the -O --remote-name and -J --remote-header-name options are used together. Vulnerable...

AI score 7.2
Exploits 0
Tenable Nessus
added 2020/09/02 12:00 a.m. · 23 views

EulerOS 2.0 SP5 : curl (EulerOS-SA-2020-1935)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: curl can be tricked by a malicious server to overwrite a local file when using -J --remote-header-name and -i --head in the same command...

CVSS 7.8 · AI score 6.7 · EPSS 0.01236
Exploits 1 · References 2
Tenable Nessus
added 2020/07/30 12:00 a.m. · 29 views

EulerOS 2.0 SP8 : curl (EulerOS-SA-2020-1796)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: curl can be tricked by a malicious server to overwrite a local file when using -J --remote-header-name and -i --head in the same command...

CVSS 7.8 · AI score 6.7 · EPSS 0.01236
Exploits 1 · References 2
curl security advisories
added 2020/06/24 8:00 a.m. · 13 views

curl overwrite local file with -J

curl can be tricked by a malicious server to overwrite a local file when using -J --remote-header-name and -i --include in the same command line. The command line tool offers the -J option that saves a remote file using the filename present in the Content-Disposition: response header. curl then...

CVSS 7.8 · AI score 6.7 · EPSS 0.01236
Exploits 1 · References 1 · Affected Software 2
OSV
added 2020/06/24 8:00 a.m. · 10 views

CURL-CVE-2020-8177 curl overwrite local file with -J

curl can be tricked by a malicious server to overwrite a local file when using -J --remote-header-name and -i --include in the same command line. The command line tool offers the -J option that saves a remote file using the filename present in the Content-Disposition: response header. curl then...

CVSS 7.8 · AI score 7.7 · EPSS 0.01236
Exploits 1
Positive Technologies
added 2020/06/24 12:00 a.m. · 2 views

PT-2020-3018 · Curl +7

Name of the Vulnerable Software and Affected Versions: curl versions 7.20.0 through 7.70.0. Description: The issue exists due to a logical error in handling the Content-Disposition header of an HTTP response. This can allow a remote attacker to overwrite a local file. The vulnerability is related ...

CVSS 9.8 · AI score 6.4 · EPSS 0.17939
Exploits 7 · References 109
CVE
added 2010/10/27 10:00 p.m. · 53 views

CVE-2010-3842

CVE-2010-3842 affects the curl command-line tool, specifically versions 7.20.0 through 7.21.1. The root cause is improper handling of backslashes as directory separators in the Content-Disposition header when using --remote-header-name (-J). This allows a remote server to cause the client to writ...

CVSS 5.8 · AI score 7 · EPSS 0.017
Exploits 0 · References 7 · Affected Software 1
curl security advisories
added 2010/10/13 8:00 a.m. · 5 views

local file overwrite

curl offers a command line option --remote-header-name also usable as -J which uses the filename of the Content-disposition: header when it saves the downloaded data locally. curl attempts to cut off the directory parts from any given filename in the header to only store files in the current...

CVSS 5.8 · AI score 5.3 · EPSS 0.017
Exploits 0 · Affected Software 2