Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-1589
Last Modified: 11 May 2011 03:25:36
Published: 29 Apr 2011 06:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1589

Summary

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

Vulnerable Systems

Application

  • Mojolicious 0.2

  • Mojolicious 0.3

  • Mojolicious 0.4

  • Mojolicious 0.5

  • Mojolicious 0.6

  • Mojolicious 0.7

  • Mojolicious 0.8

  • Mojolicious 0.8.1

  • Mojolicious 0.8.2

  • Mojolicious 0.8.3

  • Mojolicious 0.8.4

  • Mojolicious 0.8.5

  • Mojolicious 0.8006

  • Mojolicious 0.8007

  • Mojolicious 0.8008

  • Mojolicious 0.8009

  • Mojolicious 0.9

  • Mojolicious 0.9001

  • Mojolicious 0.9002

  • Mojolicious 0.991231

  • Mojolicious 0.991232

  • Mojolicious 0.991233

  • Mojolicious 0.991234

  • Mojolicious 0.991235

  • Mojolicious 0.991236

  • Mojolicious 0.991237

  • Mojolicious 0.991238

  • Mojolicious 0.991239

  • Mojolicious 0.991240

  • Mojolicious 0.991241

  • Mojolicious 0.991242

  • Mojolicious 0.991243

  • Mojolicious 0.991244

  • Mojolicious 0.991245

  • Mojolicious 0.991246

  • Mojolicious 0.991250

  • Mojolicious 0.991251

  • Mojolicious 0.999901

  • Mojolicious 0.999902

  • Mojolicious 0.999903

  • Mojolicious 0.999904

  • Mojolicious 0.999905

  • Mojolicious 0.999906

  • Mojolicious 0.999907

  • Mojolicious 0.999908

  • Mojolicious 0.999909

  • Mojolicious 0.999910

  • Mojolicious 0.999911

  • Mojolicious 0.999912

  • Mojolicious 0.999913

  • Mojolicious 0.999914

  • Mojolicious 0.999920

  • Mojolicious 0.999921

  • Mojolicious 0.999922

  • Mojolicious 0.999923

  • Mojolicious 0.999924

  • Mojolicious 0.999925

  • Mojolicious 0.999926

  • Mojolicious 0.999927

  • Mojolicious 0.999928

  • Mojolicious 0.999929

  • Mojolicious 0.999930

  • Mojolicious 0.999931

  • Mojolicious 0.999932

  • Mojolicious 0.999933

  • Mojolicious 0.999934

  • Mojolicious 0.999935

  • Mojolicious 0.999936

  • Mojolicious 0.999937

  • Mojolicious 0.999938

  • Mojolicious 0.999939

  • Mojolicious 0.999940

  • Mojolicious 0.999941

  • Mojolicious 0.999950

  • Mojolicious 1.0

  • Mojolicious 1.01

  • Mojolicious 1.1

  • Mojolicious 1.11

  • Mojolicious 1.12

  • Mojolicious 1.13

  • Mojolicious 1.14

  • Mojolicious 1.15


References

CONFIRM - https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=697229

CONFIRM - http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz

MLIST - [oss-security] 20110418 CVE request: Mojolicious

MLIST - [oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability

CONFIRM - https://github.com/kraih/mojo/issues/114

XF - mojolicious-url-directory-traversal(66830)

VUPEN - ADV-2011-1093

VUPEN - ADV-2011-1072

BID - 47402

OSVDB - 71850

DEBIAN - DSA-2221

SECUNIA - 44359

SECUNIA - 44051

MISC - http://perlninja.posterous.com/sharks-in-the-water

MLIST - [oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability

FEDORA - FEDORA-2011-5505

FEDORA - FEDORA-2011-5504

CONFIRM - http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952


Last Updated: 27 May 2016 10:56:23