Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2253

Опубликовано: 06 июл. 2010
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gisle_aas:libwww-perl:0.01:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:0.02:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:0.03:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:0.04:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.00:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.01:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.02:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.03:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.04:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.05:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.06:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.07:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.08:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.09:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.10:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.11:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.12:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.13:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.14:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.15:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.16:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.17:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.18:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.18_03:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.18_04:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.18_05:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.19:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.20:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.21:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.22:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.30:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.31:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.32:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.33:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.34:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.35:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.36:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.41:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.42:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.43:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.44:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.45:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.46:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.47:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.48:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.49:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.50:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.51:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.52:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_90:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_91:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_92:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_93:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_94:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_95:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_96:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.53_97:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.60:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.61:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.62:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.63:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.64:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.65:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.66:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.67:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.68:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.69:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.70:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.71:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.72:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.73:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.74:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.75:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.76:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.77:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.78:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.79:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.800:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.801:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.802:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.803:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.804:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.805:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.806:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.807:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.808:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.810:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.811:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.812:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.813:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.814:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.815:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.816:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.817:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.818:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.819:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.820:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.821:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.822:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.823:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.824:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.825:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.826:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.827:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.828:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.829:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.830:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.831:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.832:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5.833:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b5:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b6:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b7:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b8:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b9:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b10:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b11:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b12:*:*:*:*:*:*:*
cpe:2.3:a:gisle_aas:libwww-perl:5b13:*:*:*:*:*:*:*
cpe:2.3:a:search.cpan:libwww-perl:*:*:*:*:*:*:*:*
Версия до 5.834 (включая)
cpe:2.3:a:search.cpan:libwww-perl:5.40_01:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01125
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2010-2253

ubuntu
больше 15 лет назад

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

redhat логотип

CVE-2010-2253

redhat
больше 15 лет назад

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

debian логотип

CVE-2010-2253

debian
больше 15 лет назад

lwp-download in libwww-perl before 5.835 does not reject downloads to ...

github логотип

GHSA-mcrm-9w8r-c6w8

github
больше 3 лет назад

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

EPSS

Процентиль: 78%
0.01125
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20