Lucene search

K
nvd[email protected]NVD:CVE-2011-1487
HistoryApr 11, 2011 - 6:55 p.m.

CVE-2011-1487

2011-04-1118:55:03
CWE-264
web.nvd.nist.gov
12

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.017

Percentile

87.8%

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Affected configurations

Nvd
Node
perlperlMatch5.10.0
OR
perlperlMatch5.10.0rc1
OR
perlperlMatch5.10.0rc2
OR
perlperlMatch5.10.1
OR
perlperlMatch5.10.1rc1
OR
perlperlMatch5.10.1rc2
Node
perlperlMatch5.13.0
OR
perlperlMatch5.13.1
OR
perlperlMatch5.13.2
OR
perlperlMatch5.13.3
OR
perlperlMatch5.13.4
OR
perlperlMatch5.13.5
OR
perlperlMatch5.13.6
OR
perlperlMatch5.13.7
OR
perlperlMatch5.13.8
OR
perlperlMatch5.13.9
OR
perlperlMatch5.13.10
OR
perlperlMatch5.13.11
Node
perlperlMatch5.11.0
OR
perlperlMatch5.11.1
OR
perlperlMatch5.11.2
OR
perlperlMatch5.11.3
OR
perlperlMatch5.11.4
OR
perlperlMatch5.11.5
Node
perlperlMatch5.12.0
OR
perlperlMatch5.12.0rc0
OR
perlperlMatch5.12.0rc1
OR
perlperlMatch5.12.0rc2
OR
perlperlMatch5.12.0rc3
OR
perlperlMatch5.12.0rc4
OR
perlperlMatch5.12.0rc5
OR
perlperlMatch5.12.1
OR
perlperlMatch5.12.1rc1
OR
perlperlMatch5.12.1rc2
OR
perlperlMatch5.12.2
OR
perlperlMatch5.12.2rc1
OR
perlperlMatch5.12.3
OR
perlperlMatch5.12.3rc1
OR
perlperlMatch5.12.3rc2
OR
perlperlMatch5.12.3rc3
VendorProductVersionCPE
perlperl5.10.0cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
perlperl5.10.0cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*
perlperl5.10.0cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*
perlperl5.10.1cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
perlperl5.10.1cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*
perlperl5.10.1cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*
perlperl5.13.0cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*
perlperl5.13.1cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*
perlperl5.13.2cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*
perlperl5.13.3cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*
Rows per page:
1-10 of 401

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.017

Percentile

87.8%