Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jeet-9rt6-vygh
Vulnerability ID VCID-jeet-9rt6-vygh
Aliases CVE-2009-0037
Summary curl: local file access via unsafe redirects
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-142 Improper Neutralization of Value Delimiters
System Score Found at
epss 0.09919 https://api.first.org/data/v1/epss?cve=CVE-2009-0037
cvssv3.1 Medium https://curl.se/docs/CVE-2009-0037.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0037.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0037
https://curl.se/docs/CVE-2009-0037.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
485271 https://bugzilla.redhat.com/show_bug.cgi?id=485271
518423 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518423
CVE-2009-0037;OSVDB-53572 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32834.txt
CVE-2009-0037;OSVDB-53572 Exploit https://www.securityfocus.com/bid/33962/info
GLSA-200903-21 https://security.gentoo.org/glsa/200903-21
RHSA-2009:0341 https://access.redhat.com/errata/RHSA-2009:0341
USN-726-1 https://usn.ubuntu.com/726-1/
Data source Exploit-DB
Date added March 3, 2009
Description cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
Ransomware campaign use Known
Source publication date March 3, 2009
Exploit type remote
Platform linux
Source update date April 13, 2014
Source URL https://www.securityfocus.com/bid/33962/info
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.9314
EPSS Score 0.09919
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T10:16:56.046925+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0037.json 38.6.0