Lucene search

[email protected]NVD:CVE-2010-2253

HistoryJul 06, 2010 - 5:17 p.m.

CVE-2010-2253

2010-07-0617:17:13

CWE-20

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

Affected configurations

NVD

Node

gisle_aaslibwww-perlMatch0.01

gisle_aaslibwww-perlMatch0.02

gisle_aaslibwww-perlMatch0.03

gisle_aaslibwww-perlMatch0.04

gisle_aaslibwww-perlMatch5.00

gisle_aaslibwww-perlMatch5.01

gisle_aaslibwww-perlMatch5.02

gisle_aaslibwww-perlMatch5.03

gisle_aaslibwww-perlMatch5.04

gisle_aaslibwww-perlMatch5.05

gisle_aaslibwww-perlMatch5.06

gisle_aaslibwww-perlMatch5.07

gisle_aaslibwww-perlMatch5.08

gisle_aaslibwww-perlMatch5.09

gisle_aaslibwww-perlMatch5.10

gisle_aaslibwww-perlMatch5.11

gisle_aaslibwww-perlMatch5.12

gisle_aaslibwww-perlMatch5.13

gisle_aaslibwww-perlMatch5.14

gisle_aaslibwww-perlMatch5.15

gisle_aaslibwww-perlMatch5.16

gisle_aaslibwww-perlMatch5.17

gisle_aaslibwww-perlMatch5.18

gisle_aaslibwww-perlMatch5.18_03

gisle_aaslibwww-perlMatch5.18_04

gisle_aaslibwww-perlMatch5.18_05

gisle_aaslibwww-perlMatch5.19

gisle_aaslibwww-perlMatch5.20

gisle_aaslibwww-perlMatch5.21

gisle_aaslibwww-perlMatch5.22

gisle_aaslibwww-perlMatch5.30

gisle_aaslibwww-perlMatch5.31

gisle_aaslibwww-perlMatch5.32

gisle_aaslibwww-perlMatch5.33

gisle_aaslibwww-perlMatch5.34

gisle_aaslibwww-perlMatch5.35

gisle_aaslibwww-perlMatch5.36

gisle_aaslibwww-perlMatch5.41

gisle_aaslibwww-perlMatch5.42

gisle_aaslibwww-perlMatch5.43

gisle_aaslibwww-perlMatch5.44

gisle_aaslibwww-perlMatch5.45

gisle_aaslibwww-perlMatch5.46

gisle_aaslibwww-perlMatch5.47

gisle_aaslibwww-perlMatch5.48

gisle_aaslibwww-perlMatch5.49

gisle_aaslibwww-perlMatch5.50

gisle_aaslibwww-perlMatch5.51

gisle_aaslibwww-perlMatch5.52

gisle_aaslibwww-perlMatch5.53

gisle_aaslibwww-perlMatch5.53_90

gisle_aaslibwww-perlMatch5.53_91

gisle_aaslibwww-perlMatch5.53_92

gisle_aaslibwww-perlMatch5.53_93

gisle_aaslibwww-perlMatch5.53_94

gisle_aaslibwww-perlMatch5.53_95

gisle_aaslibwww-perlMatch5.53_96

gisle_aaslibwww-perlMatch5.53_97

gisle_aaslibwww-perlMatch5.60

gisle_aaslibwww-perlMatch5.61

gisle_aaslibwww-perlMatch5.62

gisle_aaslibwww-perlMatch5.63

gisle_aaslibwww-perlMatch5.64

gisle_aaslibwww-perlMatch5.65

gisle_aaslibwww-perlMatch5.66

gisle_aaslibwww-perlMatch5.67

gisle_aaslibwww-perlMatch5.68

gisle_aaslibwww-perlMatch5.69

gisle_aaslibwww-perlMatch5.70

gisle_aaslibwww-perlMatch5.71

gisle_aaslibwww-perlMatch5.72

gisle_aaslibwww-perlMatch5.73

gisle_aaslibwww-perlMatch5.74

gisle_aaslibwww-perlMatch5.75

gisle_aaslibwww-perlMatch5.76

gisle_aaslibwww-perlMatch5.77

gisle_aaslibwww-perlMatch5.78

gisle_aaslibwww-perlMatch5.79

gisle_aaslibwww-perlMatch5.800

gisle_aaslibwww-perlMatch5.801

gisle_aaslibwww-perlMatch5.802

gisle_aaslibwww-perlMatch5.803

gisle_aaslibwww-perlMatch5.804

gisle_aaslibwww-perlMatch5.805

gisle_aaslibwww-perlMatch5.806

gisle_aaslibwww-perlMatch5.807

gisle_aaslibwww-perlMatch5.808

gisle_aaslibwww-perlMatch5.810

gisle_aaslibwww-perlMatch5.811

gisle_aaslibwww-perlMatch5.812

gisle_aaslibwww-perlMatch5.813

gisle_aaslibwww-perlMatch5.814

gisle_aaslibwww-perlMatch5.815

gisle_aaslibwww-perlMatch5.816

gisle_aaslibwww-perlMatch5.817

gisle_aaslibwww-perlMatch5.818

gisle_aaslibwww-perlMatch5.819

gisle_aaslibwww-perlMatch5.820

gisle_aaslibwww-perlMatch5.821

gisle_aaslibwww-perlMatch5.822

gisle_aaslibwww-perlMatch5.823

gisle_aaslibwww-perlMatch5.824

gisle_aaslibwww-perlMatch5.825

gisle_aaslibwww-perlMatch5.826

gisle_aaslibwww-perlMatch5.827

gisle_aaslibwww-perlMatch5.828

gisle_aaslibwww-perlMatch5.829

gisle_aaslibwww-perlMatch5.830

gisle_aaslibwww-perlMatch5.831

gisle_aaslibwww-perlMatch5.832

gisle_aaslibwww-perlMatch5.833

gisle_aaslibwww-perlMatch5b5

gisle_aaslibwww-perlMatch5b6

gisle_aaslibwww-perlMatch5b7

gisle_aaslibwww-perlMatch5b8

gisle_aaslibwww-perlMatch5b9

gisle_aaslibwww-perlMatch5b10

gisle_aaslibwww-perlMatch5b11

gisle_aaslibwww-perlMatch5b12

gisle_aaslibwww-perlMatch5b13

search.cpanlibwww-perlRange≤5.834

search.cpanlibwww-perlMatch5.40_01

References

cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes

lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html

marc.info/?l=oss-security&m=127411372529485&w=2

marc.info/?l=oss-security&m=127611288927500&w=2

www.ocert.org/advisories/ocert-2010-001.html

www.ubuntu.com/usn/USN-981-1

www.vupen.com/english/advisories/2010/2872

bugzilla.redhat.com/show_bug.cgi?id=591580

bugzilla.redhat.com/show_bug.cgi?id=602800

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for NVD:CVE-2010-2253

nessus10 cvelist1 securityvulns2 openvas11 ubuntu1 freebsd1 debiancve1 ubuntucve1 cve1 prion1 fedora2 gentoo1