PT-2013-5003 · Perl+1 · Http-Body+1

Stig Palmquist

Publicado

2013-11-22

Atualizado

2024-06-15

CVE-2013-4407

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HTTP-Body module for Perl versions 1.07 through 1.22

Description The issue allows remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix of a temporary file is well-formed. This is because the HTTP::Body::Multipart function uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file.

Recommendations For versions 1.07 through 1.22, update to version 1.23 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2013-4407

DSA-2801-1

MGASA-2013-0352

MGASA-2024-0127

OPENSUSE-SU-2014_0433-1

OPENSUSE-SU-2024:10492-1

Produtos afetados

Http-Body

Suse

PT-2013-5003 · Perl+1 · Http-Body+1

CVE-2013-4407

Identificadores relacionados

Produtos afetados

Referências · 31