PT-2009-1079 · Curl+1 · Libcurl+2
David Kierznowski · Published 2009-03-03 · Updated 2024-06-15
CVE-2009-0037
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
curl and libcurl versions 5.11 through 7.19.3
Description
When CURLOPT_FOLLOWLOCATION is enabled, a remote HTTP server can use a Location header to make curl or libcurl follow a redirect to an arbitrary URL: a redirect to an intranet HTTP server triggers a request the client never intended to make, a redirect to a file:// URL reads or overwrites local files, and a redirect to an scp:// URL runs commands on the remote host named in the URL. This can be exploited to expose local files, upload files to unauthorized locations, or execute commands on the server. The same redirect can also reach files on remote servers if credentials for them are stored in the .netrc file or an unencrypted SSH key is available to the client.
Recommendations
For curl and libcurl versions 5.11 through 7.19.3, consider disabling the CURLOPT_FOLLOWLOCATION option to prevent automatic redirects until a patch is available. As a temporary workaround, restrict access to sensitive local files and avoid honouring the Location header from untrusted servers. Avoid using the scp protocol with libcurl until the issue is resolved. If possible, update to a version later than 7.19.3 to fully resolve the issue. At the moment, there is no information about additional mitigation measures.
Exploit
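The recommendation above is to keep CURLOPT_FOLLOWLOCATION off and handle the Location header yourself. The following is an added example, not code from the curl project or from this advisory, of the check an application can apply to each Location value before issuing the follow-up request itself: only http and https targets are accepted (so file:, scp: and every other scheme are refused), and literal loopback, RFC 1918 and link-local IPv4 addresses plus the name "localhost" are refused so that a redirect cannot be steered at intranet hosts. The function name check_redirect_target and the verdict codes are this example's own. It assumes the application resolves non-literal hostnames separately and re-checks the resolved address before connecting; name resolution is deliberately left out so the example runs offline. (libcurl 7.19.4 and later also offer CURLOPT_REDIR_PROTOCOLS to limit redirect schemes inside the library; the check below is for code that must keep automatic following disabled.)

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Verdicts returned by check_redirect_target (names chosen for this example). */
enum redirect_verdict {
    REDIRECT_OK            = 0,
    REDIRECT_BAD_SCHEME    = -1,  /* file:, scp:, ftp:, ... are never followed */
    REDIRECT_INTERNAL_HOST = -2,  /* loopback / RFC 1918 / link-local / localhost */
    REDIRECT_MALFORMED     = -3   /* empty host, IPv6 literal, etc. */
};

/* Accept only http:// and https://; report where the authority part begins. */
static bool scheme_allowed(const char *url, size_t *authority_off)
{
    static const char *const allowed[] = { "http://", "https://" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        size_t n = strlen(allowed[i]);
        if (strncasecmp(url, allowed[i], n) == 0) {
            *authority_off = n;
            return true;
        }
    }
    return false;
}

/* Parse a dotted-quad IPv4 literal of the given length; false for hostnames. */
static bool parse_ipv4(const char *s, size_t len, unsigned char out[4])
{
    char buf[16];
    unsigned v[4];
    char tail;
    if (len >= sizeof buf)
        return false;
    memcpy(buf, s, len);
    buf[len] = '\0';
    /* %c after the last octet catches trailing garbage such as "1.2.3.4.5" */
    if (sscanf(buf, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &tail) != 4)
        return false;
    for (int i = 0; i < 4; i++) {
        if (v[i] > 255)
            return false;
        out[i] = (unsigned char)v[i];
    }
    return true;
}

/* Ranges that must never be reached via a server-supplied redirect. */
static bool ipv4_is_internal(const unsigned char a[4])
{
    return a[0] == 0 || a[0] == 10 || a[0] == 127       /* this-net, 10/8, loopback */
        || (a[0] == 172 && (a[1] & 0xF0) == 16)        /* 172.16/12 */
        || (a[0] == 192 && a[1] == 168)                /* 192.168/16 */
        || (a[0] == 169 && a[1] == 254);               /* link-local 169.254/16 */
}

/* Decide whether a Location header value may be followed by the application. */
int check_redirect_target(const char *location)
{
    size_t off;
    if (!scheme_allowed(location, &off))
        return REDIRECT_BAD_SCHEME;

    const char *authority = location + off;
    size_t alen = strcspn(authority, "/?#");   /* authority ends at path/query/fragment */
    if (alen == 0)
        return REDIRECT_MALFORMED;

    /* Skip any userinfo ("user:pw@"): the host is what follows the last '@'. */
    const char *host = authority;
    for (size_t i = 0; i < alen; i++)
        if (authority[i] == '@')
            host = authority + i + 1;
    size_t hlen = (size_t)(authority + alen - host);
    if (hlen == 0 || host[0] == '[')           /* IPv6 literals are out of scope here */
        return REDIRECT_MALFORMED;

    /* Drop an explicit ":port". */
    for (size_t i = 0; i < hlen; i++)
        if (host[i] == ':') { hlen = i; break; }
    if (hlen == 0)
        return REDIRECT_MALFORMED;

    if (hlen == 9 && strncasecmp(host, "localhost", 9) == 0)
        return REDIRECT_INTERNAL_HOST;

    unsigned char ip[4];
    if (parse_ipv4(host, hlen, ip) && ipv4_is_internal(ip))
        return REDIRECT_INTERNAL_HOST;

    return REDIRECT_OK;   /* hostnames still need resolving and re-checking by the caller */
}

int main(void)
{
    /* Constructed sample Location values, not taken from any real server. */
    const char *samples[] = {
        "https://example.com/next", "file:///etc/passwd",
        "scp://host.example/x", "http://127.0.0.1/admin",
        "http://user:pw@192.168.1.1/", "http://"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %d\n", samples[i], check_redirect_target(samples[i]));
    return 0;
}
```

Each verdict other than REDIRECT_OK means the application should stop and treat the response as a failed request rather than issue the redirected one; logging the refused Location value gives a useful detection signal for servers attempting this redirection.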
Fix
CSRF
Related identifiers
Affected products
Red Hat
Curl
Libcurl