CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-3842

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.7%

CVSS Severity

CVSS v2 Score 5.8

References

http://curl.haxx.se/docs/adv_20101013.html
http://secunia.com/advisories/39532
http://securitytracker.com/id?1024583
http://www.openwall.com/lists/oss-security/2010/10/13/1
http://www.openwall.com/lists/oss-security/2010/10/13/4
http://www.openwall.com/lists/oss-security/2010/10/13/5
https://bugzilla.redhat.com/show_bug.cgi?id=642642
http://curl.haxx.se/docs/adv_20101013.html
http://secunia.com/advisories/39532
http://securitytracker.com/id?1024583
http://www.openwall.com/lists/oss-security/2010/10/13/1
http://www.openwall.com/lists/oss-security/2010/10/13/4
http://www.openwall.com/lists/oss-security/2010/10/13/5
https://bugzilla.redhat.com/show_bug.cgi?id=642642

Products affected by CVE-2010-3842

Curl » Curl » Version: 7.20.0

cpe:2.3:a:curl:curl:7.20.0
Curl » Curl » Version: 7.20.1

cpe:2.3:a:curl:curl:7.20.1
Curl » Curl » Version: 7.21.1

cpe:2.3:a:curl:curl:7.21.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-3842

Products

Pricing

Contact Us