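Debian Security Advisory DSA 371-1 (perl) describes a cross-site scripting vulnerability in the start_form() function of CGI.pm: the function writes user-controlled data into the action attribute of a form element without sanitizing it, so a remote user can have arbitrary web script executed in the context of the generated page. The issue is fixed in perl package version 5.6.1-8.3 for the stable distribution (woody) and 5.8.0-19 for the unstable distribution (sid). Updating the perl package is recommended.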
Reporter | Title | Published | Views | Family All 27 |
---|---|---|---|---|
![]() | CVE-2003-0615 | 1 Aug 2003 04:00 | – | cvelist |
![]() | DSA-371 perl - cross-site scripting | 11 Aug 2003 00:00 | – | osv |
![]() | CVE-2003-0615 | 27 Aug 2003 04:00 | – | osv |
![]() | CVE-2003-0615 | 27 Aug 2003 04:00 | – | nvd |
![]() | CVE-2003-0615 | 27 Aug 2003 04:00 | – | debiancve |
![]() | Debian Security Advisory DSA 371-1 (perl) | 17 Jan 2008 00:00 | – | openvas |
![]() | Solaris Update for perl 122092-01 | 3 Jun 2009 00:00 | – | openvas |
![]() | Solaris Update for perl 122092-01 | 3 Jun 2009 00:00 | – | openvas |
![]() | Solaris Update for S9 perl 5.005_03`s CGI.pm and Safe.pm modules 121996-01 | 3 Jun 2009 00:00 | – | openvas |
![]() | Solaris Update for perl 122091-01 | 3 Jun 2009 00:00 | – | openvas |
Source | Link |
---|---|
secure1 | www.secure1.securityspace.com/smysecure/catid.html |
securityfocus | www.securityfocus.com/bid/8231 |
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Metadata registration. This branch only declares what the check is and
# when it may run; it ends with exit(0), so none of the package tests below
# execute while "description" is set.
if(description)
{
  # Identity and revision of this check.
  script_oid("1.3.6.1.4.1.25623.1.0.53659");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)");

  # Severity. The vector is CVSS v2 notation: network access, medium access
  # complexity, no authentication, partial integrity impact, no
  # confidentiality or availability impact.
  script_cve_id("CVE-2003-0615");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_name("Debian Security Advisory DSA 371-1 (perl)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Debian Local Security Checks");

  # Preconditions. NOTE(review): judging by the key names, the check needs an
  # SSH login on a Debian host, a collected package list, and a release
  # string matching DEB3.0 - confirm against gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");

  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20371-1");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/8231");

  # Advisory text shown to the operator. The continuation lines belong to the
  # string literal and are therefore left unindented.
  script_tag(name:"insight", value:"A cross-site scripting vulnerability exists in the start_form()
function in CGI.pm. This function outputs user-controlled data into
the action attribute of a form element without sanitizing it, allowing
a remote user to execute arbitrary web script within the context of
the generated page. Any program which uses this function in the
CGI.pm module may be affected.
For the current stable distribution (woody) this problem has been fixed
in version 5.6.1-8.3.
For the unstable distribution (sid) this problem has been fixed in
version 5.8.0-19.
We recommend that you update your perl package.");
  script_tag(name:"summary", value:"The remote host is missing an update to perl
announced via advisory DSA 371-1.");

  # qod_type "package": a finding is derived from the installed package
  # version, not from probing a CGI application for the start_form() issue.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Package test. Every package named below is compared against 5.6.1-8.3,
# the fixed version the advisory gives for woody (rls "DEB3.0"). The sid
# fix (5.8.0-19) is mentioned in the advisory text but is not tested here.
# A finding reflects the installed package version only; it does not show
# whether any CGI program on the host actually calls start_form().
# NOTE(review): isdpkgvuln() and __pkg_match come from pkg-lib-deb.inc, which
# is not shown; presumably isdpkgvuln() returns report text for an installed
# package older than "ver" and NULL otherwise - confirm against the include.
res = "";
report = "";

foreach pkg_name (make_list("libcgi-fast-perl",
                            "perl-doc",
                            "perl-modules",
                            "libperl-dev",
                            "libperl5.6",
                            "perl",
                            "perl-base",
                            "perl-debug",
                            "perl-suid")) {
  res = isdpkgvuln(pkg:pkg_name, ver:"5.6.1-8.3", rls:"DEB3.0");
  if(res != NULL) {
    report += res;
  }
}

if(report == "") {
  # Nothing to report. exit(99) is taken only when __pkg_match is set;
  # NOTE(review): this looks like the "checked, not affected" result as
  # opposed to "no relevant package installed" - confirm against the library.
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}