4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.011 Low
EPSS
Percentile
84.3%
A vulnerability in the Common Gateway Interface (CGI) Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system.
The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers such as HTTP servers. The standard Perl distribution and many vendor’s repackaged Perl systems include a CGI library known as CGI.pm. This module offers a set of functions for creating fill-out forms, among other things.
Some versions of the CGI.pm module contain a vulnerability in handling of the action
in the start_form()
and start_multipart_form()
functions. When the action
for the form is not specified, a default based on the user-supplied URL is used. Because the value of this expression is not sanitized by the module before processing and contains user-supplied data or data received from untrustworthy sources, a remote attacker may be able to inject HTML or malicious script. A user of the vulnerable site or web application may then be tricked into interpreting the HTML or executing the script in a situation where they normally might not.
The victim will be presented with information that the vulnerable site did not wish their visitors to be subjected to. This could be used to “sniff” sensitive data from within the web page, including passwords, credit card numbers, and any arbitrary information the user inputs. This exploitation vector is commonly referred to as a cross-site scripting attack.
Apply a patch from the vendor
Versions 2.94 and later of the CGI.pm module contain a fix for this vulnerability. Please see the vendor section of this document for further details.
246409
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: July 30, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
`- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : perl SUMMARY : CGI.pm cross site scripting vulnerability DATE : 2003-07-29 14:53:00 ID : CLA-2003:713 RELEVANT RELEASES : 8, 9
- -------------------------------------------------------------------------
`DESCRIPTION
Perl is a high-level interpreted programming language well known for
its flexibility and ability to work with text streams.
[email protected] reported[1] a cross site scripting
vulnerability in the CGI.pm perl module. This module is used to
facilitate the creation of web forms and is part of the perl-modules
RPM package.`
`SOLUTION
It is recommended that all users of the CGI.pm module upgrade their
packages.
REFERENCES
UPDATED PACKAGES <ftp://atualizacoes.conectiva.com.br/8/SRPMS/perl-5.6.1-19U80_1cl.src.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/miniperl-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-base-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-devel-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-devel-static-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-doc-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-lib-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-modules-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/8/RPMS/perl-utils-5.6.1-19U80_1cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/SRPMS/perl-5.8.0-28837U90_2cl.src.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/libperl5.8-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/miniperl-5.8.0-28837U90_2cl.i386.rpm>
<ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-base-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-devel-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-devel-static-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-doc-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-modules-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-suidperl-5.8.0-28837U90_2cl.i386.rpm> <ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-utils-5.8.0-28837U90_2cl.i386.rpm>
ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades:
` - run: apt-get update
Detailed instructions reagarding the use of apt and upgrade examples can be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>
- ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at <http://distro.conectiva.com.br/seguranca/chave/?idioma=en> Instructions on how to check the signatures of the RPM packages can be found at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en>
- ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at <http://distro.conectiva.com.br/atualizacoes/?idioma=en>
- ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. <http://www.conectiva.com>
- ------------------------------------------------------------------------- subscribe: [email protected] unsubscribe: [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see <http://www.gnupg.org>
iD8DBQE/JrTl42jd0JmAcZARAtRNAJ4uB+6hcCH4ZgrT48bZDKAfAepEIACZAY1g FFwRu7idOx17DAywH+M8UKA= =z88h -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
Updated: August 21, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Debian Security Team has released Debian Security Advisory DSA-371 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: October 07, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Versions 2.94 and later of the CGI.pm module contain a patch for this vulnerability. The primary distribution site for CGI.pm is
<<http://stein.cshl.org/WWW/software/CGI/>>
Users building the Perl system or CGI.pm from source code are encouraged to get an updated version of the software. Users of prepackaged versions of the Perl system are encouraged to check the Vendors section of this Vulnerability Note for more information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: September 02, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
MandrakeSoft has released Mandrake Linux Security Update Advisory MDKSA-2003:084 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: September 02, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The OpenBSD development team committed a patch for this vulnerability into their source code repository on 2003-07-23 and into the OPENBSD_3_2 and OPENBSD_3_3 branches on 2003-08-19:
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=105892463517131&w=2
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=106131738919399&w=2
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=106131742419423&w=2
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: October 07, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The OpenPKG Security Team has released OpenPKG Security Advisories OpenPKG-SA-2003.036 and OpenPKG-SA-2003.039 in response to this issue. Users are encouraged to review these advisories and apply the patches they refer to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: October 07, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. has released Red Hat Security Advisory RHSA-2003:256 in response to this issue. Users are encouraged to review this advisory and apply the patches that it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: November 13, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject:OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Perl cross-site scripting vulnerability. Advisory number: CSSA-2003-SCO.30 Issue date: 2003 November 06 Cross reference:sr883606 fz528215 erg712409 ______________________________________________________________________________
1. Problem Description
Perl is a high-level interpreted programming language well known for its flexibility and ability to work with text streams.
Obscure^ ([email protected]) reported a cross site scripting vulnerability in the CGI.pm perl module. This module is used to facilitate the creation of web forms and is part of the perl-modules RPM package.
2. Vulnerable Supported Versions
OpenServer 5.0.7 Perl distribution
OpenServer 5.0.6Perl distribution
OpenServer 5.0.5 Perl distribution`
3. Solution
The proper solution is to install the latest packages.
`4. OpenServer 5.0.7
4.1 First install Maintenance Pack 1
<ftp://ftp.sco.com/pub/openserver5/507/osr507mp/>`
4.2 Next install gxwlibs
<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29>
4.2 Location of Fixed Binaries
<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30>
4.3 Verification
MD5 (VOL.000.000) = af4167c4c52e3af6dcc94289807b008e MD5 (VOL.000.001) = 2129b31fbde991c7ecdba826de8fc4b1 MD5 (VOL.000.002) = a6ee80a4f937f985dbe4eb247e98d350 MD5 (VOL.000.003) = b84437579b43fa8cc57ff8936490543d
md5 is available for download from <ftp://ftp.sco.com/pub/security/tools>
4.4 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.
5. OpenServer 5.0.6 / OpenServer 5.0.5
`5.1 First install OSS646B - Execution Environment Supplement
<ftp://ftp.sco.com/pub/openserver5/oss646b>`
5.2 Next install gwxlibs
<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29>
5.3 Location of Fixed Binaries
<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30>
5.4 Verification
MD5 (VOL.000.000) = af4167c4c52e3af6dcc94289807b008e MD5 (VOL.000.001) = 2129b31fbde991c7ecdba826de8fc4b1 MD5 (VOL.000.002) = a6ee80a4f937f985dbe4eb247e98d350 MD5 (VOL.000.003) = b84437579b43fa8cc57ff8936490543d
md5 is available for download from <ftp://ftp.sco.com/pub/security/tools>
5.5 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.
6. References
Specific references for this advisory: <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615> [http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2](<http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2>) <http://eyeonsecurity.org/advisories/CGI.pm/adv.html>
SCO security resources: <http://www.sco.com/support/security/index.html>
This security fix closes SCO incidents sr883606 fz528215 erg712409.
7. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
8. Acknowledgments
SCO would like to thank Obscure^ for reporting this issue. ______________________________________________________________________________
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/qve+aqoBO7ipriERAqUtAJ9MBKogbCSdqJ8UrBA6YDmu2dXosQCgiaI9 LzUtvWmI6sIIeitugMgsyRg= =2/ex -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Updated: February 11, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems has published Sun Alert ID #57473 in response to this issue. Users are encouraged to review this bulletin and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23246409 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Obscure for reporting this vulnerability.
This document was written by Chad R Dougherty with feedback from Sean Levy.
CVE IDs: | CVE-2003-0615 |
---|---|
Severity Metric: | 15.00 Date Public: |