Search for vulnerabilities
Vulnerability details: VCID-t73k-aun9-aaaf
Vulnerability ID VCID-t73k-aun9-aaaf
Aliases CVE-2010-3842
Summary Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-30 Path Traversal: 'dir..filename'
System Score Found at
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00325 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00325 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00325 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00325 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.00898 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
epss 0.01801 https://api.first.org/data/v1/epss?cve=CVE-2010-3842
cvssv3.1 High https://curl.se/docs/CVE-2010-3842.html
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2010-3842
Reference id Reference type URL
http://curl.haxx.se/docs/adv_20101013.html
https://api.first.org/data/v1/epss?cve=CVE-2010-3842
https://bugzilla.redhat.com/show_bug.cgi?id=642642
https://curl.se/docs/CVE-2010-3842.html
http://secunia.com/advisories/39532
http://securitytracker.com/id?1024583
http://www.openwall.com/lists/oss-security/2010/10/13/1
http://www.openwall.com/lists/oss-security/2010/10/13/4
http://www.openwall.com/lists/oss-security/2010/10/13/5
cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.0:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.1:*:*:*:*:*:*:*
cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.21.1:*:*:*:*:*:*:*
CVE-2010-3842 https://nvd.nist.gov/vuln/detail/CVE-2010-3842
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-3842
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.70364
EPSS Score 0.00307
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.