Active Perl Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Active Perl and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attackers to cause denial of service (memory consumption) via specially-crafted hash key. Impact Level: Application

Solution

Upgrade to Active Perl version 5.16.3 or 5.14.4 or later, For updates refer to http://www.perl.org/get.html

Insight

Flaw is due to an error when rehashing user-supplied input.

Affected

Active Perl versions 5.8.2 before 5.14.4 and 5.15 before 5.16.3 on Windows

References

http://osvdb.org/90892
http://perlnews.org/2013/03/perl-5-16-3-and-5-14-4-just-released
http://perlnews.org/2013/03/rehashing-flaw
http://secunia.com/advisories/52472
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1667

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

cfengine AuthenticationDialogue vulnerability
Apple QuickTime Multiple Vulnerabilities - Jun09
CiscoKits CCNA TFTP Server 'Write' Command Denial Of Service Vulnerability
CA ARCserve Backup RPC Services Multiple Vulnerabilities (Windows)
CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities

Active Perl Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities