[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1487Date: (C)2011-04-11   (M)2023-12-22


The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-43921
SECUNIA-44168
BID-47124
DSA-2265
FEDORA-2011-4610
FEDORA-2011-4631
MDVSA-2011:091
SUSE-SR:2011:009
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
https://bugzilla.redhat.com/show_bug.cgi?id=692844
https://bugzilla.redhat.com/show_bug.cgi?id=692898
perl-laundering-security-bypass(66528)

CPE    40
cpe:/a:perl:perl:5.11.2
cpe:/a:perl:perl:5.12.1
cpe:/a:perl:perl:5.12.3:rc3
cpe:/a:perl:perl:5.13.0
...
CWE    1
CWE-264
OVAL    7
oval:org.secpod.oval:def:1504200
oval:org.secpod.oval:def:301020
oval:org.secpod.oval:def:700486
oval:org.secpod.oval:def:500203
...

© SecPod Technologies