Vulnerabilities

CVE-2012-0036

by Fred · 13/04/2012

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Date published : 2012-04-13

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://www.securityfocus.com/bid/51665

Similar

Tags: Cybersecurity Alert