CPANSA-HTTP-Body-2013-4407: HTTP-Body vulnerability

Publisher: giterlizzi
Document category: csaf_security_advisory
Initial release date: 2013-09-02T00:00:00
Engine: CSAF Perl Toolkit 0.25
Current release date: 2013-09-02T00:00:00
Build Date:
Current version: 1
Status: final
CVSS v3.1 Base Score:
Severity: Moderate
Original language:
Language: en
Also referred to:

Vulnerability Description

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.22, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

Vulnerabilities

CVE-2013-4407

Vulnerability Description

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
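
The suffix handling described above, as an added Perl example (not code from HTTP-Body or from this advisory): `suffix_after_first_dot` reproduces the described behaviour, and `safe_suffix` is one hypothetical hardened form. The function names, the allow-list and the sample filenames are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp ();

# Strip any directory part (either separator); always matches, possibly empty.
sub basename_of {
    my ($filename) = @_;
    my ($base) = $filename =~ m{([^\\/]*)\z};
    return $base;
}

# Behaviour the advisory describes: everything after the first "." in the
# client-supplied name becomes the temp-file suffix, unvalidated.
sub suffix_after_first_dot {
    my ($filename) = @_;
    return basename_of($filename) =~ /^[^.]*(\..*)\z/s ? $1 : '';
}

# Hypothetical hardened form: keep only the final extension, and only if it
# is 1-16 ASCII alphanumerics; anything else gets no suffix at all.
sub safe_suffix {
    my ($filename) = @_;
    return basename_of($filename) =~ /(\.[A-Za-z0-9]{1,16})\z/ ? $1 : '';
}

# Constructed sample names, as a client might send them in Content-Disposition.
my @samples = (
    'report.pdf',
    'archive.tar.gz',
    'summary.final draft (v2).txt',
    'C:\\Users\\alice\\photo.JPG',
    'notes.',
    'README',
);

for my $name (@samples) {
    my $suffix = safe_suffix($name);
    # The temp file name is built only from the validated suffix.
    my $tmp = File::Temp->new( SUFFIX => $suffix, TMPDIR => 1 );
    printf "%-30s first-dot=%-24s safe=%-6s file=%s\n",
        "'$name'", "'" . suffix_after_first_dot($name) . "'",
        "'$suffix'", $tmp->filename;
}
```

Code that later consumes the temporary file name should still treat it as untrusted data; the allow-list only bounds what the suffix can contain.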

Product status

Known affected
Product: HTTP-Body greater than or equal 1.08 and less than 1.23
Score:
  CVSS Version: 2.0
  CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  CVSS Base Score: 6.8
  CVSS Base Severity: Medium
Fixed

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

Revision history

Version: 1
Date of the revision: Mon Sep 2 00:00:00 2013
Summary of the revision: First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/