CVE-2002-1437

Name of the Vulnerable Software and Affected Versions Perl version 5.003 on Novell NetWare 5.1 and NetWare 6

Description A directory traversal issue exists in the web handler for Perl, allowing remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

Recommendations For Perl version 5.003 on Novell NetWare 5.1 and NetWare 6, consider restricting access to the web handler until a fix is available. As a temporary workaround, avoid using URL-encoded dot-dot backslash sequences in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.