VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2011-1589
mojolicious, mojolicious0.999940: Directory traversal vulnerability in Path.pm in Moj...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1589

Original

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2011-04-29
Source Information Category: Advisory, Alert
Last Updated: 2011-05-02




Affected Product Tags
cpe:/a:mojolicious:mojolicious0.999940
cpe:/a:mojolicious:mojolicious:0.2
cpe:/a:mojolicious:mojolicious:0.3
cpe:/a:mojolicious:mojolicious:0.4
cpe:/a:mojolicious:mojolicious:0.5
cpe:/a:mojolicious:mojolicious:0.6
cpe:/a:mojolicious:mojolicious:0.7
cpe:/a:mojolicious:mojolicious:0.8
cpe:/a:mojolicious:mojolicious:0.8.1
cpe:/a:mojolicious:mojolicious:0.8.2
cpe:/a:mojolicious:mojolicious:0.8.3
cpe:/a:mojolicious:mojolicious:0.8.4
cpe:/a:mojolicious:mojolicious:0.8.5
cpe:/a:mojolicious:mojolicious:0.8006
cpe:/a:mojolicious:mojolicious:0.8007
cpe:/a:mojolicious:mojolicious:0.8008
cpe:/a:mojolicious:mojolicious:0.8009
cpe:/a:mojolicious:mojolicious:0.9
cpe:/a:mojolicious:mojolicious:0.9001
cpe:/a:mojolicious:mojolicious:0.9002
cpe:/a:mojolicious:mojolicious:0.991231
cpe:/a:mojolicious:mojolicious:0.991232
cpe:/a:mojolicious:mojolicious:0.991233
cpe:/a:mojolicious:mojolicious:0.991234
cpe:/a:mojolicious:mojolicious:0.991235
cpe:/a:mojolicious:mojolicious:0.991236
cpe:/a:mojolicious:mojolicious:0.991237
cpe:/a:mojolicious:mojolicious:0.991238
cpe:/a:mojolicious:mojolicious:0.991239
cpe:/a:mojolicious:mojolicious:0.991240
cpe:/a:mojolicious:mojolicious:0.991241
cpe:/a:mojolicious:mojolicious:0.991242
cpe:/a:mojolicious:mojolicious:0.991243
cpe:/a:mojolicious:mojolicious:0.991244
cpe:/a:mojolicious:mojolicious:0.991245
cpe:/a:mojolicious:mojolicious:0.991246
cpe:/a:mojolicious:mojolicious:0.991250
cpe:/a:mojolicious:mojolicious:0.991251
cpe:/a:mojolicious:mojolicious:0.999901
cpe:/a:mojolicious:mojolicious:0.999902
cpe:/a:mojolicious:mojolicious:0.999903
cpe:/a:mojolicious:mojolicious:0.999904
cpe:/a:mojolicious:mojolicious:0.999905
cpe:/a:mojolicious:mojolicious:0.999906
cpe:/a:mojolicious:mojolicious:0.999907
cpe:/a:mojolicious:mojolicious:0.999908
cpe:/a:mojolicious:mojolicious:0.999909
cpe:/a:mojolicious:mojolicious:0.999910
cpe:/a:mojolicious:mojolicious:0.999911
cpe:/a:mojolicious:mojolicious:0.999912
cpe:/a:mojolicious:mojolicious:0.999913
cpe:/a:mojolicious:mojolicious:0.999914
cpe:/a:mojolicious:mojolicious:0.999920
cpe:/a:mojolicious:mojolicious:0.999921
cpe:/a:mojolicious:mojolicious:0.999922
cpe:/a:mojolicious:mojolicious:0.999923
cpe:/a:mojolicious:mojolicious:0.999924
cpe:/a:mojolicious:mojolicious:0.999925
cpe:/a:mojolicious:mojolicious:0.999926
cpe:/a:mojolicious:mojolicious:0.999927
cpe:/a:mojolicious:mojolicious:0.999928
cpe:/a:mojolicious:mojolicious:0.999929
cpe:/a:mojolicious:mojolicious:0.999930
cpe:/a:mojolicious:mojolicious:0.999931
cpe:/a:mojolicious:mojolicious:0.999932
cpe:/a:mojolicious:mojolicious:0.999933
cpe:/a:mojolicious:mojolicious:0.999934
cpe:/a:mojolicious:mojolicious:0.999935
cpe:/a:mojolicious:mojolicious:0.999936
cpe:/a:mojolicious:mojolicious:0.999937
cpe:/a:mojolicious:mojolicious:0.999938
cpe:/a:mojolicious:mojolicious:0.999939
cpe:/a:mojolicious:mojolicious:0.999941
cpe:/a:mojolicious:mojolicious:0.999950
cpe:/a:mojolicious:mojolicious:1.0
cpe:/a:mojolicious:mojolicious:1.01
cpe:/a:mojolicious:mojolicious:1.1
cpe:/a:mojolicious:mojolicious:1.11
cpe:/a:mojolicious:mojolicious:1.12
cpe:/a:mojolicious:mojolicious:1.13
cpe:/a:mojolicious:mojolicious:1.14
cpe:/a:mojolicious:mojolicious:1.15
 


Vulnerability Analysis Results
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Alternatives




References
BID 47402
CONFIRM https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=697229
CONFIRM http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
CONFIRM https://github.com/kraih/mojo/issues/114
CONFIRM http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952
MISC http://perlninja.posterous.com/sharks-in-the-water
MLIST [oss-security] 20110418 CVE request: Mojolicious
MLIST [oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability
MLIST [oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability
OSVDB 71850
SECUNIA 44051
Vulnerability Type Path Traversal (CWE-22)
XF mojolicious-url-directory-traversal(66830)





Copyright © 2011 JPCERT/CC All Rights Reserved.