Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-2201
Last Modified 14 Sep 2011 12:00:00
Published 14 Sep 2011 12:05:23
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2201

Summary

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

Vulnerable Systems

Application

  • Mark Stosberg Data::FormValidator 1.10

  • Mark Stosberg Data::FormValidator 1.11

  • Mark Stosberg Data::FormValidator 1.3

  • Mark Stosberg Data::FormValidator 1.4

  • Mark Stosberg Data::FormValidator 1.5

  • Mark Stosberg Data::FormValidator 1.5.1

  • Mark Stosberg Data::FormValidator 1.6

  • Mark Stosberg Data::FormValidator 1.7

  • Mark Stosberg Data::FormValidator 1.8

  • Mark Stosberg Data::FormValidator 1.9

  • Mark Stosberg Data::FormValidator 1.91

  • Mark Stosberg Data::FormValidator 1.92

  • Mark Stosberg Data::FormValidator 1.93

  • Mark Stosberg Data::FormValidator 2.00

  • Mark Stosberg Data::FormValidator 2.01

  • Mark Stosberg Data::FormValidator 2.02

  • Mark Stosberg Data::FormValidator 2.03

  • Mark Stosberg Data::FormValidator 2.04

  • Mark Stosberg Data::FormValidator 2.10

  • Mark Stosberg Data::FormValidator 2.11 01

  • Mark Stosberg Data::FormValidator 2.11 02

  • Mark Stosberg Data::FormValidator 2.11 03

  • Mark Stosberg Data::FormValidator 2.11 04

  • Mark Stosberg Data::FormValidator 3.00

  • Mark Stosberg Data::FormValidator 3.01

  • Mark Stosberg Data::FormValidator 3.10

  • Mark Stosberg Data::FormValidator 3.11

  • Mark Stosberg Data::FormValidator 3.12

  • Mark Stosberg Data::FormValidator 3.13

  • Mark Stosberg Data::FormValidator 3.14

  • Mark Stosberg Data::FormValidator 3.15

  • Mark Stosberg Data::FormValidator 3.49 1

  • Mark Stosberg Data::FormValidator 3.50

  • Mark Stosberg Data::FormValidator 3.51

  • Mark Stosberg Data::FormValidator 3.52

  • Mark Stosberg Data::FormValidator 3.53

  • Mark Stosberg Data::FormValidator 3.54

  • Mark Stosberg Data::FormValidator 3.55

  • Mark Stosberg Data::FormValidator 3.56

  • Mark Stosberg Data::FormValidator 3.57

  • Mark Stosberg Data::FormValidator 3.58

  • Mark Stosberg Data::FormValidator 3.59

  • Mark Stosberg Data::FormValidator 3.60

  • Mark Stosberg Data::FormValidator 3.61

  • Mark Stosberg Data::FormValidator 3.62

  • Mark Stosberg Data::FormValidator 3.63

  • Mark Stosberg Data::FormValidator 4.00

  • Mark Stosberg Data::FormValidator 4.01

  • Mark Stosberg Data::FormValidator 4.02

  • Mark Stosberg Data::FormValidator 4.10

  • Mark Stosberg Data::FormValidator 4.11

  • Mark Stosberg Data::FormValidator 4.12

  • Mark Stosberg Data::FormValidator 4.13

  • Mark Stosberg Data::FormValidator 4.14

  • Mark Stosberg Data::FormValidator 4.20

  • Mark Stosberg Data::FormValidator 4.30

  • Mark Stosberg Data::FormValidator 4.40

  • Mark Stosberg Data::FormValidator 4.49 01

  • Mark Stosberg Data::FormValidator 4.50

  • Mark Stosberg Data::FormValidator 4.51

  • Mark Stosberg Data::FormValidator 4.52

  • Mark Stosberg Data::FormValidator 4.53

  • Mark Stosberg Data::FormValidator 4.54

  • Mark Stosberg Data::FormValidator 4.55

  • Mark Stosberg Data::FormValidator 4.56

  • Mark Stosberg Data::FormValidator 4.57

  • Mark Stosberg Data::FormValidator 4.60

  • Mark Stosberg Data::FormValidator 4.61

  • Mark Stosberg Data::FormValidator 4.62

  • Mark Stosberg Data::FormValidator 4.63

  • Mark Stosberg Data::FormValidator 4.65

  • Mark Stosberg Data::FormValidator 4.66


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=712694

MLIST - [oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used

MLIST - [oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used

FEDORA - FEDORA-2011-11680

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511

CONFIRM - https://rt.cpan.org/Public/Bug/Display.html?id=61792

BID - 48167


Last Updated: 27 May 2016 10:56:57