CVE-2011-2201

Published: 14/09/2011 Updated: 14/09/2011
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Data::FormValidator module 4.66 and previous versions for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote malicious users to bypass the taint protection mechanism via form input.

Vulnerable Product

mark_stosberg data::formvalidator

Vendor Advisories

Debian Bug report logs - #629511: can report invalid data as valid in untaint mode. Package: libdata-formvalidator-perl; Maintainer for libdata-formvalidator-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libdata-formvalidator-perl is src:libdata-formvalidator-perl. Re ...

Exploits

source: www.securityfocus.com/bid/48167/info. The Perl Data::FormValidator module is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and obtain potentially sensitive information. Data::FormValidator 4.66 is vulnerable; other versions may also be affected. #!/opt/perl/51 ...