Lucene search

K
mageiaGentoo FoundationMGASA-2014-0098
HistoryFeb 26, 2014 - 1:42 a.m.

Updated perl-CGI-Application packages fix CVE-2013-7329

2014-02-2601:42:12
Gentoo Foundation
advisories.mageia.org
24

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.005

Percentile

76.9%

Updated perl-CGI-Application package fixes security vulnerability: When applications using CGI::Application overload setup(), which is normally the case, CGI::Application since version 4.19 has dump_html as a default run-mode unless the application explicitly redefines it. This unexpectedly dumps a complete set of web query data and server environment information as an error page, thus leaking information (CVE-2013-7329).

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.005

Percentile

76.9%