CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2009-2417 – curl: incorrect verification of SSL certificate with NUL in name
https://notcve.org/view.php?id=CVE-2009-2417
14 Aug 2009 — lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. lib/ssluse.c en cURL y libcurl v7.4 hasta v7.19.5, cuando se usa OpenSSL, no maneja de forma aecuada el caracter '\0' en un nombre de... • http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 1%CPEs: 80EXPL: 2CVE-2009-0037 – cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
https://notcve.org/view.php?id=CVE-2009-0037
05 Mar 2009 — The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de locali... • https://www.exploit-db.com/exploits/32834 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2005-3185
https://notcve.org/view.php?id=CVE-2005-3185
13 Oct 2005 — Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •