Absolute Path Traversal Vulnerability in Curl 7.20.0 through 7.21.1 with --remote-header-name or -J Option

Absolute Path Traversal Vulnerability in Curl 7.20.0 through 7.21.1 with --remote-header-name or -J Option

CVE-2010-3842 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:P

Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.

Learn more about our Cis Benchmark Audit For Server Software.