Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4407

Опубликовано: 23 нояб. 2013
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:http-body_project:http-body:*:*:*:*:*:*:*:*
Версия до 1.17 (включая)
cpe:2.3:a:http-body_project:http-body:0.01:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.2:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.03:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.4:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.5:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.6:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.7:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.8:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:0.9:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.00:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.01:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.02:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.03:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.04:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.05:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.06:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.07:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.08:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.09:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.10:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.11:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.12:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.14:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.15:*:*:*:*:*:*:*
cpe:2.3:a:http-body_project:http-body:1.16:*:*:*:*:*:*:*

EPSS

Процентиль: 74%
0.0083
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2013-4407

ubuntu
около 12 лет назад

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

debian логотип

CVE-2013-4407

debian
около 12 лет назад

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1 ...

github логотип

GHSA-8v7w-j6g2-p6j2

github
больше 3 лет назад

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

EPSS

Процентиль: 74%
0.0083
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo