Lucene search

K

MitreCVELIST:CVE-2010-2253

HistoryJul 06, 2010 - 2:00 p.m.

CVE-2010-2253

2010-07-0614:00:00

mitre

www.cve.org

5

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

73.5%

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

References

cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes

lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html

marc.info/?l=oss-security&m=127411372529485&w=2

marc.info/?l=oss-security&m=127611288927500&w=2

www.ocert.org/advisories/ocert-2010-001.html

www.ubuntu.com/usn/USN-981-1

www.vupen.com/english/advisories/2010/2872

bugzilla.redhat.com/show_bug.cgi?id=591580

bugzilla.redhat.com/show_bug.cgi?id=602800

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

73.5%

Related for CVELIST:CVE-2010-2253

freebsd1 debiancve1 nessus10 openvas11 ubuntu1 securityvulns2 fedora2 nvd1 ubuntucve1 prion1 cve1 gentoo1