cURL/libcURL <= 7.19.3 HTTP 'Location:' Redirect Security Bypass Vulnerability

2014-07-01T00:00:00
ID SSV:86102
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/33962/info

cURL/libcURL is prone to a security-bypass vulnerability.

Remote attackers can exploit this issue to bypass certain security restrictions and carry out various attacks.

This issue affects cURL/libcURL 5.11 through 7.19.3. Other versions may also be vulnerable.

The following example redirection request may be used to carry out this attack:
Location: scp://name:passwd@host/a'``;date >/tmp/test``;'