CVE-2010-3842
Priority
Medium
Description
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when
the --remote-header-name or -J option is used, allows remote servers to
create or overwrite arbitrary files by using \ (backslash) as a separator
of path components within the Content-disposition HTTP header.
the --remote-header-name or -J option is used, allows remote servers to
create or overwrite arbitrary files by using \ (backslash) as a separator
of path components within the Content-disposition HTTP header.
References
Notes
jdstrand> from curl advisory: Operating systems affected include Windows,
Netware, MSDOS, OS/2 and Symbian.
Netware, MSDOS, OS/2 and Symbian.
Package
| Upstream: | released (7.21.2-1) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored |
| Ubuntu 10.04 LTS (Lucid Lynx): | ignored |
| Ubuntu 11.04 (Natty Narwhal): | ignored |