CVE-2010-4802:mojolicious: Commands.pm in Mojolicious before 0.999928 does not...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4802

mojolicious: Commands.pm in Mojolicious before 0.999928 does not...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4802

Original

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2011-05-03

Source Information Category:

Advisory, Alert

Last Updated:

2011-05-03

Affected Product Tags

cpe:/a:mojolicious:mojolicious:0.2

cpe:/a:mojolicious:mojolicious:0.3

cpe:/a:mojolicious:mojolicious:0.4

cpe:/a:mojolicious:mojolicious:0.5

cpe:/a:mojolicious:mojolicious:0.6

cpe:/a:mojolicious:mojolicious:0.7

cpe:/a:mojolicious:mojolicious:0.8

cpe:/a:mojolicious:mojolicious:0.8.1

cpe:/a:mojolicious:mojolicious:0.8.2

cpe:/a:mojolicious:mojolicious:0.8.3

cpe:/a:mojolicious:mojolicious:0.8.4

cpe:/a:mojolicious:mojolicious:0.8.5

cpe:/a:mojolicious:mojolicious:0.8006

cpe:/a:mojolicious:mojolicious:0.8007

cpe:/a:mojolicious:mojolicious:0.8008

cpe:/a:mojolicious:mojolicious:0.8009

cpe:/a:mojolicious:mojolicious:0.9

cpe:/a:mojolicious:mojolicious:0.9001

cpe:/a:mojolicious:mojolicious:0.9002

cpe:/a:mojolicious:mojolicious:0.991231

cpe:/a:mojolicious:mojolicious:0.991232

cpe:/a:mojolicious:mojolicious:0.991233

cpe:/a:mojolicious:mojolicious:0.991234

cpe:/a:mojolicious:mojolicious:0.991235

cpe:/a:mojolicious:mojolicious:0.991236

cpe:/a:mojolicious:mojolicious:0.991237

cpe:/a:mojolicious:mojolicious:0.991238

cpe:/a:mojolicious:mojolicious:0.991239

cpe:/a:mojolicious:mojolicious:0.991240

cpe:/a:mojolicious:mojolicious:0.991241

cpe:/a:mojolicious:mojolicious:0.991242

cpe:/a:mojolicious:mojolicious:0.991243

cpe:/a:mojolicious:mojolicious:0.991244

cpe:/a:mojolicious:mojolicious:0.991245

cpe:/a:mojolicious:mojolicious:0.991246

cpe:/a:mojolicious:mojolicious:0.991250

cpe:/a:mojolicious:mojolicious:0.991251

cpe:/a:mojolicious:mojolicious:0.999901

cpe:/a:mojolicious:mojolicious:0.999902

cpe:/a:mojolicious:mojolicious:0.999903

cpe:/a:mojolicious:mojolicious:0.999904

cpe:/a:mojolicious:mojolicious:0.999905

cpe:/a:mojolicious:mojolicious:0.999906

cpe:/a:mojolicious:mojolicious:0.999907

cpe:/a:mojolicious:mojolicious:0.999908

cpe:/a:mojolicious:mojolicious:0.999909

cpe:/a:mojolicious:mojolicious:0.999910

cpe:/a:mojolicious:mojolicious:0.999911

cpe:/a:mojolicious:mojolicious:0.999912

cpe:/a:mojolicious:mojolicious:0.999913

cpe:/a:mojolicious:mojolicious:0.999914

cpe:/a:mojolicious:mojolicious:0.999920

cpe:/a:mojolicious:mojolicious:0.999921

cpe:/a:mojolicious:mojolicious:0.999922

cpe:/a:mojolicious:mojolicious:0.999923

cpe:/a:mojolicious:mojolicious:0.999924

cpe:/a:mojolicious:mojolicious:0.999925

cpe:/a:mojolicious:mojolicious:0.999926

cpe:/a:mojolicious:mojolicious:0.999927 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a

CONFIRM https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44

CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952

CONFIRM http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes

Vulnerability Type Input Validation (CWE-20)