Computer Security
[EN] securityvulns.ru no-pyccku


curl data injection
Published:08.02.2012
Source:
SecurityVulns ID:12171
Type:library
Threat Level:
5/10
Description:Data injection via request URL.
Affected:CURL : curl 7.21
CVE:CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.)
Original documentdocumentUBUNTU, [USN-1346-1] curl vulnerability (08.02.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod