Summary
Perl is installed on the host and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to bypass security checks in Perl applications that rely on TAINT mode protection functionality.
Impact Level: Application
Solution
Upgrade to Perl version 5.14 or later.
For updates refer to http://www.perl.org/get.html
Insight
The flaw is due to the 'uc()', 'lc()', 'lcfirst()', and 'ucfirst()' functions incorrectly laundering tainted data, which can result in the unintended use of potentially malicious data after using these functions.
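A local check for the behaviour described above, as an added example that is not part of the original advisory: run under taint mode (`perl -T`), it reports whether each of the four functions returns data that has lost its taint flag. The sample string and the use of `$^X` as a taint source are assumptions of the example.

```perl
#!/usr/bin/perl -T
# Added example (not from the advisory): verify that the case-mapping
# functions propagate the taint flag instead of laundering it.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run as: perl -T $0\n" unless ${^TAINT};

# Constructed tainted input: $^X (path of the perl binary) is tainted under -T,
# so a zero-length substring of it carries the taint flag without adding text.
my $taint_flag = substr($^X, 0, 0);
my $input      = 'MiXeD cAsE' . $taint_flag;
die "Setup failed: sample input is not tainted\n" unless tainted($input);

# The four functions named in the advisory.
my %funcs = (
    uc      => sub { uc $_[0] },
    lc      => sub { lc $_[0] },
    ucfirst => sub { ucfirst $_[0] },
    lcfirst => sub { lcfirst $_[0] },
);

my $laundered = 0;
for my $name (sort keys %funcs) {
    my $out = $funcs{$name}->($input);
    if (tainted($out)) {
        print "ok        $name() keeps the taint flag\n";
    }
    else {
        print "AFFECTED  $name() returned untainted data\n";
        $laundered++;
    }
}

printf "perl %vd: %s\n", $^V,
    $laundered ? "$laundered function(s) launder tainted data"
               : 'taint is preserved by all four functions';

# Non-zero exit status lets a patch-verification job flag the interpreter.
exit($laundered ? 1 : 0);
```

On an interpreter that preserves taint, all four lines read `ok` and the exit status is 0.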
Affected
Perl version 5.10.x, 5.11.x, 5.12.x to 5.12.3 and 5.13.x to 5.13.11 on Windows.
References
Severity
Classification
CVE: CVE-2011-1487
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N