CVE-2010-3842

Priority
Medium
Description
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when
the --remote-header-name or -J option is used, allows remote servers to
create or overwrite arbitrary files by using \ (backslash) as a separator
of path components within the Content-disposition HTTP header.
References
Notes
 jdstrand> from curl advisory: Operating systems affected include Windows,
  Netware, MSDOS, OS/2 and Symbian.
Package
Source: curl (LP Ubuntu Debian)
Upstream:released (7.21.2-1)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:02 UTC (commit 9756)