Computer Security
[EN] securityvulns.ru no-pyccku


HTTP::Body code execution
Published:26.11.2013
Source:
SecurityVulns ID:13426
Type:library
Threat Level:
5/10
Description:Unsafe temporary files creation.
Affected:PERL : HTTP-Body 1.17
CVE:CVE-2013-4407 (HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2801-1] libhttp-body-perl security update (26.11.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod