Oval Definition:	oval:org.mitre.oval:def:21914
Revision Date: 2014-05-26 Version: 13 Title: ELSA-2009:0341: curl security update (Moderate) Description: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-0037 ELSA-2009:0341-01 Platform(s): Oracle Linux 5 Product(s): curl Definition Synopsis Oracle Linux 5.x AND rpm test curl is earlier than 0:7.15.5-2.1.el5_3.4 OR curl-devel is earlier than 0:7.15.5-2.1.el5_3.4
BACK