Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes http://www.vuxml.org/freebsd/3a7c5fc4-b50c-11df-977b-ecc31dd8ad06.html
Insight
The following package is affected: p5-libwww
CVE-2010-2253
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Severity
Classification
-
CVE CVE-2010-2253 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities