National Cyber Awareness System

Vulnerability Summary for CVE-2011-1589

Overview

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818

Type: Patch Information

Hyperlink:https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=697229

Type: Patch Information; Exploit

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=697229

External Source: CONFIRM

Name: http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz

Type: Patch Information

Hyperlink:http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz

External Source: MLIST

Name: [oss-security] 20110418 CVE request: Mojolicious

Type: Patch Information; Exploit

Hyperlink:http://openwall.com/lists/oss-security/2011/04/18/3

External Source: MLIST

Name: [oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability

Type: Patch Information; Exploit

Hyperlink:http://openwall.com/lists/oss-security/2011/04/17/1

External Source: CONFIRM

Name: https://github.com/kraih/mojo/issues/114

Hyperlink:https://github.com/kraih/mojo/issues/114

External Source: XF

Name: mojolicious-url-directory-traversal(66830)

Hyperlink:http://xforce.iss.net/xforce/xfdb/66830

External Source: VUPEN

Name: ADV-2011-1093

Hyperlink:http://www.vupen.com/english/advisories/2011/1093

External Source: VUPEN

Name: ADV-2011-1072

Hyperlink:http://www.vupen.com/english/advisories/2011/1072

External Source: BID

Name: 47402

Hyperlink:http://www.securityfocus.com/bid/47402

External Source: OSVDB

Name: 71850

Hyperlink:http://www.osvdb.org/71850

External Source: DEBIAN

Name: DSA-2221

Hyperlink:http://www.debian.org/security/2011/dsa-2221

External Source: SECUNIA

Name: 44359

Hyperlink:http://secunia.com/advisories/44359

External Source: SECUNIA

Name: 44051

Type: Advisory

Hyperlink:http://secunia.com/advisories/44051

External Source: MISC

Name: http://perlninja.posterous.com/sharks-in-the-water

Hyperlink:http://perlninja.posterous.com/sharks-in-the-water

External Source: MLIST

Name: [oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability

Hyperlink:http://openwall.com/lists/oss-security/2011/04/18/7

External Source: FEDORA

Name: FEDORA-2011-5505

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html

External Source: FEDORA

Name: FEDORA-2011-5504

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html

External Source: CONFIRM

Name: http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes

Hyperlink:http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes

External Source: CONFIRM

Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952

Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952