Oval Definition:	oval:org.mitre.oval:def:6074
Revision Date: 2014-01-20 Version: 8 Title: cURL/libcURL HTTP 'Location:' Redirect Security Bypass Vulnerability Description: The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-0037 Platform(s): VMWare ESX Server 4.0 Product(s): Definition Synopsis VMware ESX Server 4.0 is installed AND All patches must be installed to not be vulnerable Patch ESX400-200906411-SG is not installed OR Patch ESX400-200906407-SG is not installed
BACK