Lucene search

RedhatCVE-2013-4407

HistoryNov 23, 2013 - 6:55 p.m.

CVE-2013-4407

2013-11-2318:55:04

redhat

web.nvd.nist.gov

110

cve-2013-4407

http::body::multipart

perl

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.016

Percentile

87.5%

JSON

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file’s name after the first “.” character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

Affected configurations

Nvd

Node

http-body_projecthttp-bodyRange≤1.17

http-body_projecthttp-bodyMatch0.01

http-body_projecthttp-bodyMatch0.2

http-body_projecthttp-bodyMatch0.03

http-body_projecthttp-bodyMatch0.4

http-body_projecthttp-bodyMatch0.5

http-body_projecthttp-bodyMatch0.6

http-body_projecthttp-bodyMatch0.7

http-body_projecthttp-bodyMatch0.8

http-body_projecthttp-bodyMatch0.9

http-body_projecthttp-bodyMatch1.00

http-body_projecthttp-bodyMatch1.01

http-body_projecthttp-bodyMatch1.02

http-body_projecthttp-bodyMatch1.03

http-body_projecthttp-bodyMatch1.04

http-body_projecthttp-bodyMatch1.05

http-body_projecthttp-bodyMatch1.06

http-body_projecthttp-bodyMatch1.07

http-body_projecthttp-bodyMatch1.08

http-body_projecthttp-bodyMatch1.09

http-body_projecthttp-bodyMatch1.10

http-body_projecthttp-bodyMatch1.11

http-body_projecthttp-bodyMatch1.12

http-body_projecthttp-bodyMatch1.14

http-body_projecthttp-bodyMatch1.15

http-body_projecthttp-bodyMatch1.16

VendorProductVersionCPE
http-body_projecthttp-body*cpe:2.3:a:http-body_project:http-body:*:*:*:*:*:*:*:*
http-body_projecthttp-body0.01cpe:2.3:a:http-body_project:http-body:0.01:*:*:*:*:*:*:*
http-body_projecthttp-body0.2cpe:2.3:a:http-body_project:http-body:0.2:*:*:*:*:*:*:*
http-body_projecthttp-body0.03cpe:2.3:a:http-body_project:http-body:0.03:*:*:*:*:*:*:*
http-body_projecthttp-body0.4cpe:2.3:a:http-body_project:http-body:0.4:*:*:*:*:*:*:*
http-body_projecthttp-body0.5cpe:2.3:a:http-body_project:http-body:0.5:*:*:*:*:*:*:*
http-body_projecthttp-body0.6cpe:2.3:a:http-body_project:http-body:0.6:*:*:*:*:*:*:*
http-body_projecthttp-body0.7cpe:2.3:a:http-body_project:http-body:0.7:*:*:*:*:*:*:*
http-body_projecthttp-body0.8cpe:2.3:a:http-body_project:http-body:0.8:*:*:*:*:*:*:*
http-body_projecthttp-body0.9cpe:2.3:a:http-body_project:http-body:0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
http-body_project	http-body	*	cpe:2.3:a:http-body_project:http-body::::::::
http-body_project	http-body	0.01	cpe:2.3:a:http-body_project:http-body:0.01:::::::*
http-body_project	http-body	0.2	cpe:2.3:a:http-body_project:http-body:0.2:::::::*
http-body_project	http-body	0.03	cpe:2.3:a:http-body_project:http-body:0.03:::::::*
http-body_project	http-body	0.4	cpe:2.3:a:http-body_project:http-body:0.4:::::::*
http-body_project	http-body	0.5	cpe:2.3:a:http-body_project:http-body:0.5:::::::*
http-body_project	http-body	0.6	cpe:2.3:a:http-body_project:http-body:0.6:::::::*
http-body_project	http-body	0.7	cpe:2.3:a:http-body_project:http-body:0.7:::::::*
http-body_project	http-body	0.8	cpe:2.3:a:http-body_project:http-body:0.8:::::::*
http-body_project	http-body	0.9	cpe:2.3:a:http-body_project:http-body:0.9:::::::*