CVE-2011-1487
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/35554no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://openwall.com/lists/oss-security/2011/04/01/3http://openwall.com/lists/oss-security/2011/04/04/35http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336https://bugzilla.redhat.com/show_bug.cgi?id=692844https://bugzilla.redhat.com/show_bug.cgi?id=692898http://secunia.com/advisories/43921http://secunia.com/advisories/44168https://exchange.xforce.ibmcloud.com/vulnerabilities/66528