Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-16248

Published: 01/11/2017 Updated: 22/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Catalyst-plugin-static-simple Project

Vulnerability Summary

The Catalyst-Plugin-Static-Simple module prior to 0.34 for Perl allows remote malicious users to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

catalyst-plugin-static-simple project catalyst-plugin-static-simple

Vendor Advisories

Debian CVElist Bug Report Logs: libcatalyst-plugin-static-simple-perl: CVE-2017-16248: leaks files without extention, inadvertently
Debian Bug report logs - #880458 libcatalyst-plugin-static-simple-perl: CVE-2017-16248: leaks files without extention, inadvertently Package: libcatalyst-plugin-static-simple-perl; Maintainer for libcatalyst-plugin-static-simple-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Source for libcatalyst-plugin-s ...

References

CWE-200https://rt.cpan.org/Public/Bug/Display.html?id=120558https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simplehttps://bugs.debian.org/880458https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880458https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook