63 matches found
openSUSE: Security Advisory for perl-HTTP-Body (openSUSE-SU-2014:0433-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
perl-HTTP-Body: update to 1.19 release with security fixes (important)
perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files...
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...
Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282)
Updated perl-HTTP-Body package fixes security vulnerability : Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
ALPINE-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
DEBIAN-CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
Design/Logic Flaw
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
CVE-2013-4407
CVE-2013-4407 affects Perl’s HTTP::Body::Multipart in the HTTP-Body module. Vulnerable: Perl HTTP-Body versions 1.07–1.22 (before 1.23) where the code uses the part of the uploaded file name after the first dot as the suffix of a temporary file, which may be misinterpreted by downstream logic tha...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
CVE-2013-4407
HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...
Updated perl-HTTP-Body packages fix CVE-2013-4407
Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
MGASA-2013-0352 Updated perl-HTTP-Body packages fix CVE-2013-4407
Updated perl-HTTP-Body package fixes security vulnerability: Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
Debian Patches Flaws in Nginx, Perl Module
Debian has released patches for a pair of security vulnerabilities in the free operating system, including a security bypass flaw in the Nginx Web server. The other vulnerability lies in a Perl module used in the OS. The vulnerability in the HTTP: :Body Perl module could allow an attacker to run...
Debian DSA-2801-1 : libhttp-body-perl - design error
Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart cou...
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2801-1] libhttp-body-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2801-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 21, 2013 http://www.debian.org/security/faq -...