Vulnerabilities related to mark_stosberg - data\:\:formvalidator
Vulnerability from fkie_nvd
Published: 2011-09-14 16:05
Modified: 2024-11-21 01:27
Summary
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
References
secalert@redhat.com http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511 Exploit, Patch
secalert@redhat.com http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html Exploit, Patch
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/06/12/3 Exploit, Patch
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/06/13/13 Exploit, Patch
secalert@redhat.com http://www.openwall.com/lists/oss-security/2011/06/13/5
secalert@redhat.com http://www.securityfocus.com/bid/48167 Exploit
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=712694 Exploit, Patch
secalert@redhat.com https://rt.cpan.org/Public/Bug/Display.html?id=61792 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/06/12/3 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/06/13/13 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2011/06/13/5
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/48167 Exploit
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=712694 Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 https://rt.cpan.org/Public/Bug/Display.html?id=61792 Exploit
Impacted products
Vendor Product Version
mark_stosberg data\:\:formvalidator
perl perl *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFABCFBC-0EC9-4DF4-B36E-C657272183A1",
              "versionEndIncluding": "4.66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "672D4776-8D5B-4819-8BF3-AEDF26C3D96C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0F8CE2-8032-4B42-954A-A2FE17756FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A1F5875-286A-400B-BD54-C126DBF9208D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AE171E-7047-4028-8111-FBF69A2CA8BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "487D174E-2DE8-43BD-B775-2821D4664FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "564A8717-1CCE-4210-B371-610B3CF77864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1260F48-15C0-4BB3-B7BF-FAE2FBD48730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE318DEF-513B-4B8D-A234-BE163F999615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D205BE-D742-4835-BA7B-858A1CE1E573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52CDBF8-F834-4F34-8D4A-05BDF9F0D72A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "2137D5D4-8007-454F-A212-1766B7F439F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "76788109-9544-4257-8371-07370FB6D8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "405BB5BA-4723-4847-8748-61A69E7F53CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "131D4215-C4DC-4780-AA5B-06C1FEE61BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AEF3AE5-D0A4-4C68-89DB-696CBB716434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F844F48-EC40-422A-8088-BFC1647D6A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4034AF6-877B-477D-9C89-9AF4F5A3B08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F27023-9062-49BA-A8FC-52DFB1A56E70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A409D95-DFA5-4A59-BC40-F593E280E007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "76DCC3E8-9419-4359-ACA9-88B45881BC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_02:*:*:*:*:*:*:*",
              "matchCriteriaId": "225F296B-AA04-426D-85EE-07CF3173F8E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2B45194-6487-42A7-AF51-F065E60DF18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4485908-3E21-4223-8349-3FBAD619A217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8998E587-98CA-4D3B-8388-45F181DAE970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E98A159C-36EF-4764-849E-C548639BF888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD58054-2DCB-4CAD-8C4E-22D994E59A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44C0AD3-ACB5-41AD-BFF3-C3423C7438E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E52F34-8A1B-452B-966E-CD553580028B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CC2BD62-0445-415D-B8BB-37EB70F4358D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "50A22B36-721E-4D4F-B37C-52927170029A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6C294C-90E6-4150-8976-508693BD3DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.49_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60A3C8F-E980-451B-BDF5-5D9A712BC3B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4C0776-F778-47AF-9099-D7567AA72C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A9749E-644A-4863-82C9-766AD7CA288D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "727FEE1D-23F9-4451-8072-34DDCBCAAE74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA70B179-D7EE-472B-882D-474BBBE23699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CD2258-08DF-4383-9B0F-6BB15CD5A5E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4C966AF-A159-4B5B-B0D8-6AD08B8929C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3AEBE47-23B4-47A4-8E99-0008400AAF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "1870B0DC-6BD0-4EFC-8716-772730845ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D302C63-E567-4552-9850-9EDEF4C9956A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE55ACEB-ECC0-4F9E-BAEF-3F8F1B4FFC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "4346B371-A067-45C5-A996-F8E9F6A64335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0B54BA-7C06-40BC-AF06-1FA8DD55EB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B664DE-93D4-4884-9DF4-5EBA1E9FDF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "E48EBC0D-2B32-4478-A453-437B4708C3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA8D79F-7FD4-49ED-B862-4C5F9F69E189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47A1DEE-DB01-4525-AB1F-0ECB9418FE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "E055B23E-E478-4CE9-961C-36FAB8A2D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C0DB0A-A0C1-47D4-A480-8CD0DA799751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "51229D5C-47E6-4DE6-8980-C9D463FBD767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "519DC991-4D87-4BF1-84ED-DE2C0B541989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD26998A-A9A2-4A19-96A4-A63F8565090C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6487F14B-3779-4612-8582-7E8875425BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC665D0-7F02-4A50-AAB6-6D5AB6CE32A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D8001-0F08-4BF6-9140-F39A94F614F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D3E7868-5992-491F-A17F-D60A60943912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.49_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FA1232-DBE9-4F7F-A1E4-89E0E2A66F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "450FCFE6-BDDD-4654-A730-798B298E6DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D6EAC7-1215-426D-BBAB-0CDFB2D9D462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42D9B8C-5FE3-4987-90D2-13252EF9ADE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C4526E-EEDE-4A91-B1AD-8F8B70047045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DAB3AC5-3629-4A7C-9B97-E463EC58363A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B7B04C-7CF5-4C34-BFBA-57850A70C97A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "140D6FB5-6EBF-476D-BA63-D75283786EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EEC6A01-0480-413F-8DE4-CDDF5586C277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F5E661-8B88-42D0-8C50-9F7673C5D0D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "698232CE-1461-43A3-9B4E-47698B5F81C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EF5774-2E9C-42E8-8621-8619D6B9A195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12DA159-B0E2-47BA-A75D-E06FB6ED288E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE69C8F-F659-43AE-8A7A-D3D02B2D2FE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Data::FormValidator v4.66 y anteriores para Perl, cuando untaint_all_constraints est\u00e1 activada, no conserva correctamente el atributo taint de los datos, lo que podr\u00eda permitir a atacantes remotos evitar el mecanismo de protecci\u00f3n ante corrupci\u00f3n de datos a trav\u00e9s de un formulario de entrada."
    }
  ],
  "id": "CVE-2011-2201",
  "lastModified": "2024-11-21T01:27:48.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-14T16:05:23.527",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/48167"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/48167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2011-2201
Vulnerability from cvelistv5
Published: 2011-09-14 15:00
Modified: 2024-08-06 22:53
Summary
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:53:17.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48167",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792"
          },
          {
            "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5"
          },
          {
            "name": "[oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694"
          },
          {
            "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13"
          },
          {
            "name": "FEDORA-2011-11680",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-14T15:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48167",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792"
        },
        {
          "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5"
        },
        {
          "name": "[oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694"
        },
        {
          "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13"
        },
        {
          "name": "FEDORA-2011-11680",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2201",
    "datePublished": "2011-09-14T15:00:00Z",
    "dateReserved": "2011-05-31T00:00:00Z",
    "dateUpdated": "2024-08-06T22:53:17.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}