Computer Security
[EN] securityvulns.ru no-pyccku


libwww-perl directory traversal
Published:02.09.2010
Source:
SecurityVulns ID:11110
Type:library
Threat Level:
6/10
Description:Directory traversal on file downloading in lwp-download.
Affected:PERL : libwww-perl 5.834
CVE:CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.)
Original documentdocumentsecurity_(at)_mandriva.com, [ MDVSA-2010:167 ] perl-libwww-perl (02.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod