Summary
Perl is installed on the host and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to bypass security checks in Perl applications that rely on taint mode protection.
Impact Level: Application
Solution
Upgrade to Perl version 5.14 or later.
For updates refer to http://www.perl.org/get.html
Insight
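The flaw is due to the 'uc()', 'lc()', 'lcfirst()', and 'ucfirst()' functions incorrectly laundering tainted data: the value they return is not marked as tainted even when the input was. An application can therefore use potentially malicious data without any taint check after passing it through one of these functions.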
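To confirm whether an installed interpreter shows this behaviour, the following added example (not part of the original advisory or of the Perl distribution) checks under taint mode whether each of the four functions preserves taint on its return value. The file name and the sample string are assumptions made for illustration.

```perl
# Run as: perl -T taint_case_check.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run this script with perl -T\n" unless ${^TAINT};

# $0 and $^X are tainted under -T. A zero-length substr of them carries the
# taint flag but no bytes, so the sample text itself is fully constructed.
my $taint = substr("$0$^X", 0, 0);
my $input = "Constructed Sample Value" . $taint;
die "Could not build a tainted test string\n" unless tainted($input);

# One statement and one fresh variable per function, so that no result can
# inherit or lose taint because of a neighbouring call.
my $r_lc      = lc $input;
my $r_uc      = uc $input;
my $r_lcfirst = lcfirst $input;
my $r_ucfirst = ucfirst $input;

my @report = (
    [ 'lc',      tainted($r_lc)      ],
    [ 'uc',      tainted($r_uc)      ],
    [ 'lcfirst', tainted($r_lcfirst) ],
    [ 'ucfirst', tainted($r_ucfirst) ],
);

printf "perl %vd\n", $^V;
my $laundered = 0;
for my $row (@report) {
    my ($name, $kept) = @$row;
    printf "%-10s %s\n", "$name()",
        $kept ? "taint preserved" : "TAINT LAUNDERED (affected)";
    $laundered++ unless $kept;
}

# Exit status 1 means at least one function dropped the taint flag.
exit($laundered ? 1 : 0);
```

A non-zero exit status means the interpreter should be upgraded as described under Solution.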
Affected
Perl version 5.10.x, 5.11.x, 5.12.x to 5.12.3 and 5.13.x to 5.13.11 on Windows.
Severity
Classification
CVE: CVE-2011-1487
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N