PT-2011-1022 · Mojolicious · Mojolicious

Salvatore Bonaccorso

Published

2011-05-03

Updated

2011-08-27

CVE-2010-4803

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mojolicious versions prior to 0.999927

Description The issue is related to the improper implementation of HMAC-MD5 checksums in Mojolicious, which may have an unspecified impact and can be exploited remotely. Additionally, there are multiple vulnerabilities in the libmojolicious-perl package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can also be exploited remotely.

Recommendations For versions prior to 0.999927, update to version 0.999927 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-01469

CVE-2010-4803

DSA-2239-1

Affected Products

Mojolicious

PT-2011-1022 · Mojolicious · Mojolicious

CVE-2010-4803

Weakness Enumeration

Related Identifiers

Affected Products

References · 12