Summary
The host is running Mojolicious and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Upgrade to Mojolicious version 1.16 or later.
For updates refer to http://www.mojolicious.org/
Insight
The flaw is due to an error in 'Path.pm', which allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
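One way to hunt for this pattern in web server access logs, as an added example that is not code from Mojolicious or from this advisory. The log lines are constructed, the function names are hypothetical, and the repeated decoding also catches nested encodings such as %252f, which goes beyond the single %2f..%2f case named above.

```python
import re
from urllib.parse import unquote

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify(target, max_rounds=3):
    """Return 'clean', 'traversal' or 'encoded-traversal' for a request target."""
    raw_path = target.split("?", 1)[0].split("#", 1)[0]  # path only, no query
    decoded = raw_path
    for _ in range(max_rounds):          # peel nested encodings (%252f -> %2f -> /)
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    # Compare whole segments so names like "v1..2" are not flagged.
    if ".." not in decoded.replace("\\", "/").split("/"):
        return "clean"
    # If ".." was not a segment before decoding, the encoding was hiding it.
    return "traversal" if ".." in raw_path.split("/") else "encoded-traversal"

def scan(lines):
    """Return (line_number, verdict, target) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            verdict = classify(match.group(1))
            if verdict != "clean":
                hits.append((number, verdict, match.group(1)))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /static%2f..%2f..%2fapp.conf HTTP/1.1" 200 1042',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /static/%252e%252e%252fapp.conf HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /docs/v1..2/notes.txt?ref=..%2f HTTP/1.1" 200 99',
    '192.0.2.11 - - [01/Jan/2024:10:00:07 +0000] "GET /css/../img/logo.png HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, verdict, target in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {target}")
```

A 200 response on an `encoded-traversal` hit against a host running a version prior to 1.16 is the case to triage first.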
Affected
Mojolicious versions prior to 1.16.
References
Severity
Classification
CVE: CVE-2011-1589
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N