VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed: standardized data distribution of information for vulnerability threat analysis

Analyzed vulnerability information (revision number: 2)
CVE-2011-1589
mojolicious: Directory traversal vulnerability in Path.pm in Moj...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1589

Original text

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

About this information
Analysis information source: NIST NVD
First published: 2011-04-29
Classification of the analyzed vulnerability information: Advisory / alert
Last updated: 2011-05-03

Identifiers of products affected by the vulnerability
cpe:/a:mojolicious:mojolicious:0.2
cpe:/a:mojolicious:mojolicious:0.3
cpe:/a:mojolicious:mojolicious:0.4
cpe:/a:mojolicious:mojolicious:0.5
cpe:/a:mojolicious:mojolicious:0.6
cpe:/a:mojolicious:mojolicious:0.7
cpe:/a:mojolicious:mojolicious:0.8
cpe:/a:mojolicious:mojolicious:0.8.1
cpe:/a:mojolicious:mojolicious:0.8.2
cpe:/a:mojolicious:mojolicious:0.8.3
cpe:/a:mojolicious:mojolicious:0.8.4
cpe:/a:mojolicious:mojolicious:0.8.5
cpe:/a:mojolicious:mojolicious:0.8006
cpe:/a:mojolicious:mojolicious:0.8007
cpe:/a:mojolicious:mojolicious:0.8008
cpe:/a:mojolicious:mojolicious:0.8009
cpe:/a:mojolicious:mojolicious:0.9
cpe:/a:mojolicious:mojolicious:0.9001
cpe:/a:mojolicious:mojolicious:0.9002
cpe:/a:mojolicious:mojolicious:0.991231
cpe:/a:mojolicious:mojolicious:0.991232
cpe:/a:mojolicious:mojolicious:0.991233
cpe:/a:mojolicious:mojolicious:0.991234
cpe:/a:mojolicious:mojolicious:0.991235
cpe:/a:mojolicious:mojolicious:0.991236
cpe:/a:mojolicious:mojolicious:0.991237
cpe:/a:mojolicious:mojolicious:0.991238
cpe:/a:mojolicious:mojolicious:0.991239
cpe:/a:mojolicious:mojolicious:0.991240
cpe:/a:mojolicious:mojolicious:0.991241
cpe:/a:mojolicious:mojolicious:0.991242
cpe:/a:mojolicious:mojolicious:0.991243
cpe:/a:mojolicious:mojolicious:0.991244
cpe:/a:mojolicious:mojolicious:0.991245
cpe:/a:mojolicious:mojolicious:0.991246
cpe:/a:mojolicious:mojolicious:0.991250
cpe:/a:mojolicious:mojolicious:0.991251
cpe:/a:mojolicious:mojolicious:0.999901
cpe:/a:mojolicious:mojolicious:0.999902
cpe:/a:mojolicious:mojolicious:0.999903
cpe:/a:mojolicious:mojolicious:0.999904
cpe:/a:mojolicious:mojolicious:0.999905
cpe:/a:mojolicious:mojolicious:0.999906
cpe:/a:mojolicious:mojolicious:0.999907
cpe:/a:mojolicious:mojolicious:0.999908
cpe:/a:mojolicious:mojolicious:0.999909
cpe:/a:mojolicious:mojolicious:0.999910
cpe:/a:mojolicious:mojolicious:0.999911
cpe:/a:mojolicious:mojolicious:0.999912
cpe:/a:mojolicious:mojolicious:0.999913
cpe:/a:mojolicious:mojolicious:0.999914
cpe:/a:mojolicious:mojolicious:0.999920
cpe:/a:mojolicious:mojolicious:0.999921
cpe:/a:mojolicious:mojolicious:0.999922
cpe:/a:mojolicious:mojolicious:0.999923
cpe:/a:mojolicious:mojolicious:0.999924
cpe:/a:mojolicious:mojolicious:0.999925
cpe:/a:mojolicious:mojolicious:0.999926
cpe:/a:mojolicious:mojolicious:0.999927
cpe:/a:mojolicious:mojolicious:0.999928
cpe:/a:mojolicious:mojolicious:0.999929
cpe:/a:mojolicious:mojolicious:0.999930
cpe:/a:mojolicious:mojolicious:0.999931
cpe:/a:mojolicious:mojolicious:0.999932
cpe:/a:mojolicious:mojolicious:0.999933
cpe:/a:mojolicious:mojolicious:0.999934
cpe:/a:mojolicious:mojolicious:0.999935
cpe:/a:mojolicious:mojolicious:0.999936
cpe:/a:mojolicious:mojolicious:0.999937
cpe:/a:mojolicious:mojolicious:0.999938
cpe:/a:mojolicious:mojolicious:0.999939
cpe:/a:mojolicious:mojolicious:0.999940
cpe:/a:mojolicious:mojolicious:0.999941
cpe:/a:mojolicious:mojolicious:0.999950
cpe:/a:mojolicious:mojolicious:1.0
cpe:/a:mojolicious:mojolicious:1.01
cpe:/a:mojolicious:mojolicious:1.1
cpe:/a:mojolicious:mojolicious:1.11
cpe:/a:mojolicious:mojolicious:1.12
cpe:/a:mojolicious:mojolicious:1.13
cpe:/a:mojolicious:mojolicious:1.14
cpe:/a:mojolicious:mojolicious:1.15
 


Vulnerability analysis
[Access Vector]
Not evaluated

Local
Adjacent
X Network

[Access Complexity]
Not evaluated

 [?]
 [?]
X [?]

[Authentication]
Not evaluated

Multiple
Single
X Not required

[Confidentiality Impact]
Not evaluated

None
X Partial
Complete

[Integrity Impact]
Not evaluated

X None
Partial
Complete

[Availability Impact]
Not evaluated

X None
Partial
Complete

Related information

References
BID 47402
CONFIRM https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=697229
CONFIRM http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
CONFIRM https://github.com/kraih/mojo/issues/114
CONFIRM http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952
MISC http://perlninja.posterous.com/sharks-in-the-water
MLIST [oss-security] 20110418 CVE request: Mojolicious
MLIST [oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability
MLIST [oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability
OSVDB 71850
SECUNIA 44051
Vulnerability Type Path Traversal (CWE-22)
XF mojolicious-url-directory-traversal(66830)


Copyright © 2011 JPCERT/CC All Rights Reserved.