cvelistv5 - cve-2003-0615

CVE-2003-0615 (GCVE-0-2003-0615)

Vulnerability from cvelistv5 – Published: 2003-08-01 04:00 – Updated: 2024-08-08 01:58

Summary

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=full-disclosure&m=10587521101…	mailing-listx_refsource_FULLDISC
	http://wwwnew.mandriva.com/security/advisories?na…	vendor-advisoryx_refsource_MANDRAKE
	http://www.debian.org/security/2003/dsa-371	vendor-advisoryx_refsource_DEBIAN
	http://marc.info/?l=bugtraq&m=105880349328877&w=2	mailing-listx_refsource_BUGTRAQ
	http://distro.conectiva.com.br/atualizacoes/?id=a…	vendor-advisoryx_refsource_CONECTIVA
	http://www.ciac.org/ciac/bulletins/n-155.shtml	third-party-advisorygovernment-resourcex_refsource_CIAC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://marc.info/?l=bugtraq&m=106018783704468&w=2	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1007234	vdb-entryx_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2003-256.html	vendor-advisoryx_refsource_REDHAT
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/13638	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/8231	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/246409	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:11.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030720 CGI.pm vulnerable to Cross-site Scripting.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
          },
          {
            "name": "MDKSA-2003:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
          },
          {
            "name": "DSA-371",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-371"
          },
          {
            "name": "20030720 CGI.pm vulnerable to Cross-site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
          },
          {
            "name": "CLA-2003:713",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
          },
          {
            "name": "N-155",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
          },
          {
            "name": "cgi-startform-xss(12669)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
          },
          {
            "name": "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
          },
          {
            "name": "1007234",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1007234"
          },
          {
            "name": "RHSA-2003:256",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
          },
          {
            "name": "101426",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
          },
          {
            "name": "13638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13638"
          },
          {
            "name": "oval:org.mitre.oval:def:470",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
          },
          {
            "name": "oval:org.mitre.oval:def:307",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
          },
          {
            "name": "8231",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/8231"
          },
          {
            "name": "VU#246409",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/246409"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030720 CGI.pm vulnerable to Cross-site Scripting.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
        },
        {
          "name": "MDKSA-2003:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
        },
        {
          "name": "DSA-371",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-371"
        },
        {
          "name": "20030720 CGI.pm vulnerable to Cross-site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
        },
        {
          "name": "CLA-2003:713",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
        },
        {
          "name": "N-155",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
        },
        {
          "name": "cgi-startform-xss(12669)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
        },
        {
          "name": "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
        },
        {
          "name": "1007234",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1007234"
        },
        {
          "name": "RHSA-2003:256",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
        },
        {
          "name": "101426",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
        },
        {
          "name": "13638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13638"
        },
        {
          "name": "oval:org.mitre.oval:def:470",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
        },
        {
          "name": "oval:org.mitre.oval:def:307",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
        },
        {
          "name": "8231",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/8231"
        },
        {
          "name": "VU#246409",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/246409"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0615",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030720 CGI.pm vulnerable to Cross-site Scripting.",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
            },
            {
              "name": "MDKSA-2003:084",
              "refsource": "MANDRAKE",
              "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
            },
            {
              "name": "DSA-371",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-371"
            },
            {
              "name": "20030720 CGI.pm vulnerable to Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
            },
            {
              "name": "CLA-2003:713",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
            },
            {
              "name": "N-155",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
            },
            {
              "name": "cgi-startform-xss(12669)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
            },
            {
              "name": "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
            },
            {
              "name": "1007234",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1007234"
            },
            {
              "name": "RHSA-2003:256",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
            },
            {
              "name": "101426",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
            },
            {
              "name": "13638",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13638"
            },
            {
              "name": "oval:org.mitre.oval:def:470",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
            },
            {
              "name": "oval:org.mitre.oval:def:307",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
            },
            {
              "name": "8231",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/8231"
            },
            {
              "name": "VU#246409",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/246409"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0615",
    "datePublished": "2003-08-01T04:00:00",
    "dateReserved": "2003-07-30T00:00:00",
    "dateUpdated": "2024-08-08T01:58:11.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0621A90A-5B7E-4B6C-A55E-DCFB26C833C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39FCDC55-8C02-425D-B314-AFA337D6787E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D431DA-E195-4FBC-8746-47352131FD2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D2D3333-7A7E-416A-A540-49CB65ED1E64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"010B0873-8430-4331-8059-C4A21DF6C969\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE0ECE1B-36BB-4523-8DAD-0404E1D48A26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F213FC8F-1F7C-4A6A-AC6B-7F644E614AFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DEDBBEF-303E-4827-8E3C-462C03F9F4F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EAD58C1-FE0F-4BBC-8472-98DFF7191D04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6ADD463-E918-4F4D-9FA7-D109EBC98BD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46B96764-9241-4586-9FA5-77D8D8EBE3BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D342447B-5233-45FD-B1CF-8D84921402AD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*\", \"matchCriteriaId\": \"A6B060E4-B5A6-4469-828E-211C52542547\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*\", \"matchCriteriaId\": \"974C3541-990C-4CD4-A05A-38FA74A84632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*\", \"matchCriteriaId\": \"6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*\", \"matchCriteriaId\": \"58792F77-B06F-4780-BA25-FE1EE6C3FDD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*\", \"matchCriteriaId\": \"C9419322-572F-4BB6-8416-C5E96541CF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*\", \"matchCriteriaId\": \"BFC50555-C084-46A3-9C9F-949C5E3BB448\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*\", \"matchCriteriaId\": \"9C25D6E1-D283-4CEA-B47B-60C47A5C0797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*\", \"matchCriteriaId\": \"AD18A446-C634-417E-86AC-B19B6DDDC856\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*\", \"matchCriteriaId\": \"E4BB852E-61B2-4842-989F-C6C0C901A8D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*\", \"matchCriteriaId\": \"24DD9D59-E2A2-4116-A887-39E8CC2004FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*\", \"matchCriteriaId\": \"F28D7457-607E-4E0C-909A-413F91CFCD82\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en par\\u00e1metro \\\"action\\\" del formulario.\"}]",
      "id": "CVE-2003-0615",
      "lastModified": "2024-11-20T23:45:08.760",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-08-27T04:00:00.000",
      "references": "[{\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/13638\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1007234\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ciac.org/ciac/bulletins/n-155.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2003/dsa-371\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/246409\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-256.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/8231\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/12669\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/13638\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1007234\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ciac.org/ciac/bulletins/n-155.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2003/dsa-371\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/246409\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-256.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/8231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/12669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0615\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-08-27T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en par\u00e1metro \\\"action\\\" del formulario.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0621A90A-5B7E-4B6C-A55E-DCFB26C833C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39FCDC55-8C02-425D-B314-AFA337D6787E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D431DA-E195-4FBC-8746-47352131FD2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D2D3333-7A7E-416A-A540-49CB65ED1E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"010B0873-8430-4331-8059-C4A21DF6C969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE0ECE1B-36BB-4523-8DAD-0404E1D48A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F213FC8F-1F7C-4A6A-AC6B-7F644E614AFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DEDBBEF-303E-4827-8E3C-462C03F9F4F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EAD58C1-FE0F-4BBC-8472-98DFF7191D04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6ADD463-E918-4F4D-9FA7-D109EBC98BD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46B96764-9241-4586-9FA5-77D8D8EBE3BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D342447B-5233-45FD-B1CF-8D84921402AD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*\",\"matchCriteriaId\":\"A6B060E4-B5A6-4469-828E-211C52542547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*\",\"matchCriteriaId\":\"974C3541-990C-4CD4-A05A-38FA74A84632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*\",\"matchCriteriaId\":\"6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*\",\"matchCriteriaId\":\"58792F77-B06F-4780-BA25-FE1EE6C3FDD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*\",\"matchCriteriaId\":\"C9419322-572F-4BB6-8416-C5E96541CF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*\",\"matchCriteriaId\":\"BFC50555-C084-46A3-9C9F-949C5E3BB448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*\",\"matchCriteriaId\":\"9C25D6E1-D283-4CEA-B47B-60C47A5C0797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*\",\"matchCriteriaId\":\"AD18A446-C634-417E-86AC-B19B6DDDC856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*\",\"matchCriteriaId\":\"E4BB852E-61B2-4842-989F-C6C0C901A8D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*\",\"matchCriteriaId\":\"24DD9D59-E2A2-4116-A887-39E8CC2004FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*\",\"matchCriteriaId\":\"F28D7457-607E-4E0C-909A-413F91CFCD82\"}]}]}],\"references\":[{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/13638\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1007234\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-155.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2003/dsa-371\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/246409\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-256.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/8231\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/12669\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/13638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1007234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-155.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2003/dsa-371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/246409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-256.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/8231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/12669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2003:256

Vulnerability from csaf_redhat - Published: 2003-09-22 08:52 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: : : : Updated Perl packages fix security issues.

Notes

Topic

Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available. [Updated 3 Oct 2003] Updated mod_perl packages have been added for Red Hat Linux 7.1, which are required due to the move to Perl version 5.6.1 on this platform.

Details

Perl is a high-level programming language commonly used for system administration utilities and Web programming. Two security issues have been found in Perl that affect the Perl packages shipped with Red Hat Linux: When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. This is due to the fact that the redefined @_ variable is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1323 to this issue. NOTE: This issue does not affect the Perl packages which shipped with Red Hat Linux 9. A cross-site scripting vulnerability was discovered in the start_form() function of CGI.pm. The vulnerability allows a remote attacker to insert a Web script via a URL fed into the form's action parameter. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0615 to this issue. Users of Perl are advised to upgrade to the packages contained within this erratum. For Red Hat Linux 7.1, 7.2, and 7.3, Perl version 5.6.1 contains backported security patches addressing these issues. For Red Hat Linux 8.0 and 9, Perl version 5.8.0 is supplied, which is not vulnerable to issue CAN-2002-1323 and which contains a backported security patch addressing issue CAN-2003-0615.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Perl packages that fix a security issue in Safe.pm and a cross-site\nscripting (XSS) vulnerability in CGI.pm are now available.\n\n[Updated 3 Oct 2003]\nUpdated mod_perl packages have been added for Red Hat Linux 7.1, which are\nrequired due to the move to Perl version 5.6.1 on this platform.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Perl is a high-level programming language commonly used for system\nadministration utilities and Web programming.\n\nTwo security issues have been found in Perl that affect the Perl packages\nshipped with Red Hat Linux:\n\nWhen safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and\nearlier, it is possible for an attacker to break out of safe compartments\nwithin Safe::reval and Safe::rdo by using a redefined @_ variable. This is\ndue to the fact that the redefined @_ variable is not reset between\nsuccessive calls. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-1323 to this issue. NOTE:\nThis issue does not affect the Perl packages which shipped with Red Hat\nLinux 9.\n\nA cross-site scripting vulnerability was discovered in the start_form()\nfunction of CGI.pm. The vulnerability allows a remote attacker to insert a\nWeb script via a URL fed into the form\u0027s action parameter. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0615 to this issue.\n\nUsers of Perl are advised to upgrade to the packages contained within this\nerratum. For Red Hat Linux 7.1, 7.2, and 7.3, Perl version 5.6.1 contains\nbackported security patches addressing these issues. For Red Hat Linux 8.0\nand 9, Perl version 5.8.0 is supplied, which is not vulnerable to issue\nCAN-2002-1323 and which contains a backported security patch addressing\nissue CAN-2003-0615.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:256",
        "url": "https://access.redhat.com/errata/RHSA-2003:256"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877",
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877"
      },
      {
        "category": "external",
        "summary": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744",
        "url": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744"
      },
      {
        "category": "external",
        "summary": "104875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104875"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_256.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated Perl packages fix security issues.",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:25+00:00",
      "generator": {
        "date": "2025-11-21T17:26:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:256",
      "initial_release_date": "2003-09-22T08:52:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-22T08:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-09-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1323",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616874"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616874",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616874"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323"
        }
      ],
      "release_date": "2002-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:256"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0615",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615"
        }
      ],
      "release_date": "2003-07-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:256"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:257

Vulnerability from csaf_redhat - Published: 2003-09-22 08:46 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: perl security update

Notes

Topic

Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available.

Details

Perl is a high-level programming language commonly used for system administration utilities and Web programming. Two security issues have been found in Perl that affect the Perl packages shipped with Red Hat Enterprise Linux: When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. This is due to the fact that the redefined @_ variable is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1323 to this issue. A cross-site scripting vulnerability was discovered in the start_form() function of CGI.pm. The vulnerability allows a remote attacker to insert a Web script via a URL fed into the form's action parameter. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0615 to this issue. Users of Perl are advised to upgrade to these erratum packages, which contain Perl 5.6.1 with backported security patches correcting these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Perl packages that fix a security issue in Safe.pm and a cross-site\nscripting (XSS) vulnerability in CGI.pm are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Perl is a high-level programming language commonly used for system\nadministration utilities and Web programming.\n\nTwo security issues have been found in Perl that affect the Perl packages\nshipped with Red Hat Enterprise Linux:\n\nWhen safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and\nearlier, it is possible for an attacker to break out of safe compartments\nwithin Safe::reval and Safe::rdo by using a redefined @_ variable. This is\ndue to the fact that the redefined @_ variable is not reset between\nsuccessive calls. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-1323 to this issue.\n\nA cross-site scripting vulnerability was discovered in the start_form()\nfunction of CGI.pm. The vulnerability allows a remote attacker to insert a\nWeb script via a URL fed into the form\u0027s action parameter. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0615 to this issue.\n\nUsers of Perl are advised to upgrade to these erratum packages, which\ncontain Perl 5.6.1 with backported security patches correcting these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:257",
        "url": "https://access.redhat.com/errata/RHSA-2003:257"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877",
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877"
      },
      {
        "category": "external",
        "summary": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744",
        "url": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744"
      },
      {
        "category": "external",
        "summary": "102191",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102191"
      },
      {
        "category": "external",
        "summary": "102192",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102192"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_257.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:25+00:00",
      "generator": {
        "date": "2025-11-21T17:26:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:257",
      "initial_release_date": "2003-09-22T08:46:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-22T08:46:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-09-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1323",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616874"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616874",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616874"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323"
        }
      ],
      "release_date": "2002-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:46:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0615",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615"
        }
      ],
      "release_date": "2003-07-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:46:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_256

Vulnerability from csaf_redhat - Published: 2003-09-22 08:52 - Updated: 2024-11-21 22:49

Summary

Red Hat Security Advisory: : : : Updated Perl packages fix security issues.

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Perl packages that fix a security issue in Safe.pm and a cross-site\nscripting (XSS) vulnerability in CGI.pm are now available.\n\n[Updated 3 Oct 2003]\nUpdated mod_perl packages have been added for Red Hat Linux 7.1, which are\nrequired due to the move to Perl version 5.6.1 on this platform.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Perl is a high-level programming language commonly used for system\nadministration utilities and Web programming.\n\nTwo security issues have been found in Perl that affect the Perl packages\nshipped with Red Hat Linux:\n\nWhen safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and\nearlier, it is possible for an attacker to break out of safe compartments\nwithin Safe::reval and Safe::rdo by using a redefined @_ variable. This is\ndue to the fact that the redefined @_ variable is not reset between\nsuccessive calls. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-1323 to this issue. NOTE:\nThis issue does not affect the Perl packages which shipped with Red Hat\nLinux 9.\n\nA cross-site scripting vulnerability was discovered in the start_form()\nfunction of CGI.pm. The vulnerability allows a remote attacker to insert a\nWeb script via a URL fed into the form\u0027s action parameter. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0615 to this issue.\n\nUsers of Perl are advised to upgrade to the packages contained within this\nerratum. For Red Hat Linux 7.1, 7.2, and 7.3, Perl version 5.6.1 contains\nbackported security patches addressing these issues. For Red Hat Linux 8.0\nand 9, Perl version 5.8.0 is supplied, which is not vulnerable to issue\nCAN-2002-1323 and which contains a backported security patch addressing\nissue CAN-2003-0615.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:256",
        "url": "https://access.redhat.com/errata/RHSA-2003:256"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877",
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877"
      },
      {
        "category": "external",
        "summary": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744",
        "url": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744"
      },
      {
        "category": "external",
        "summary": "104875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=104875"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_256.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated Perl packages fix security issues.",
    "tracking": {
      "current_release_date": "2024-11-21T22:49:25+00:00",
      "generator": {
        "date": "2024-11-21T22:49:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:256",
      "initial_release_date": "2003-09-22T08:52:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-22T08:52:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-09-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:49:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 8.0",
                "product": {
                  "name": "Red Hat Linux 8.0",
                  "product_id": "Red Hat Linux 8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:8.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1323",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616874"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616874",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616874"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323"
        }
      ],
      "release_date": "2002-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:256"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0615",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3",
          "Red Hat Linux 8.0",
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615"
        }
      ],
      "release_date": "2003-07-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:52:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3",
            "Red Hat Linux 8.0",
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:256"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_257

Vulnerability from csaf_redhat - Published: 2003-09-22 08:46 - Updated: 2024-11-21 22:49

Summary

Red Hat Security Advisory: perl security update

Notes

Topic

Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available.

Details

Perl is a high-level programming language commonly used for system administration utilities and Web programming. Two security issues have been found in Perl that affect the Perl packages shipped with Red Hat Enterprise Linux: When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. This is due to the fact that the redefined @_ variable is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1323 to this issue. A cross-site scripting vulnerability was discovered in the start_form() function of CGI.pm. The vulnerability allows a remote attacker to insert a Web script via a URL fed into the form's action parameter. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0615 to this issue. Users of Perl are advised to upgrade to these erratum packages, which contain Perl 5.6.1 with backported security patches correcting these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Perl packages that fix a security issue in Safe.pm and a cross-site\nscripting (XSS) vulnerability in CGI.pm are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Perl is a high-level programming language commonly used for system\nadministration utilities and Web programming.\n\nTwo security issues have been found in Perl that affect the Perl packages\nshipped with Red Hat Enterprise Linux:\n\nWhen safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and\nearlier, it is possible for an attacker to break out of safe compartments\nwithin Safe::reval and Safe::rdo by using a redefined @_ variable. This is\ndue to the fact that the redefined @_ variable is not reset between\nsuccessive calls. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-1323 to this issue.\n\nA cross-site scripting vulnerability was discovered in the start_form()\nfunction of CGI.pm. The vulnerability allows a remote attacker to insert a\nWeb script via a URL fed into the form\u0027s action parameter. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0615 to this issue.\n\nUsers of Perl are advised to upgrade to these erratum packages, which\ncontain Perl 5.6.1 with backported security patches correcting these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:257",
        "url": "https://access.redhat.com/errata/RHSA-2003:257"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877",
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105880349328877"
      },
      {
        "category": "external",
        "summary": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744",
        "url": "http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744"
      },
      {
        "category": "external",
        "summary": "102191",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102191"
      },
      {
        "category": "external",
        "summary": "102192",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=102192"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_257.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:49:29+00:00",
      "generator": {
        "date": "2024-11-21T22:49:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:257",
      "initial_release_date": "2003-09-22T08:46:00+00:00",
      "revision_history": [
        {
          "date": "2003-09-22T08:46:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-09-22T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:49:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2002-1323",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616874"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616874",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616874"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2002-1323",
          "url": "https://www.cve.org/CVERecord?id=CVE-2002-1323"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1323"
        }
      ],
      "release_date": "2002-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:46:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2003-0615",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0615"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615"
        }
      ],
      "release_date": "2003-07-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-09-22T08:46:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:257"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GSD-2003-0615

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Aliases

CVE-2003-0615

Aliases

CVE-2003-0615

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0615",
    "description": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
    "id": "GSD-2003-0615",
    "references": [
      "https://www.debian.org/security/2003/dsa-371",
      "https://access.redhat.com/errata/RHSA-2003:257",
      "https://access.redhat.com/errata/RHSA-2003:256"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0615"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
      "id": "GSD-2003-0615",
      "modified": "2023-12-13T01:22:13.212673Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0615",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20030720 CGI.pm vulnerable to Cross-site Scripting.",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
          },
          {
            "name": "MDKSA-2003:084",
            "refsource": "MANDRAKE",
            "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
          },
          {
            "name": "DSA-371",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2003/dsa-371"
          },
          {
            "name": "20030720 CGI.pm vulnerable to Cross-site Scripting",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
          },
          {
            "name": "CLA-2003:713",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
          },
          {
            "name": "N-155",
            "refsource": "CIAC",
            "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
          },
          {
            "name": "cgi-startform-xss(12669)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
          },
          {
            "name": "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
          },
          {
            "name": "1007234",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1007234"
          },
          {
            "name": "RHSA-2003:256",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
          },
          {
            "name": "101426",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
          },
          {
            "name": "13638",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/13638"
          },
          {
            "name": "oval:org.mitre.oval:def:470",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
          },
          {
            "name": "oval:org.mitre.oval:def:307",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
          },
          {
            "name": "8231",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/8231"
          },
          {
            "name": "VU#246409",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/246409"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0615"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8231",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/8231"
            },
            {
              "name": "RHSA-2003:256",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
            },
            {
              "name": "VU#246409",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/246409"
            },
            {
              "name": "MDKSA-2003:084",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
            },
            {
              "name": "1007234",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1007234"
            },
            {
              "name": "13638",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/13638"
            },
            {
              "name": "CLA-2003:713",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
            },
            {
              "name": "101426",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
            },
            {
              "name": "N-155",
              "refsource": "CIAC",
              "tags": [],
              "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
            },
            {
              "name": "DSA-371",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2003/dsa-371"
            },
            {
              "name": "20030720 CGI.pm vulnerable to Cross-site Scripting",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
            },
            {
              "name": "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
            },
            {
              "name": "20030720 CGI.pm vulnerable to Cross-site Scripting.",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
            },
            {
              "name": "cgi-startform-xss(12669)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
            },
            {
              "name": "oval:org.mitre.oval:def:470",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
            },
            {
              "name": "oval:org.mitre.oval:def:307",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-05-03T01:29Z",
      "publishedDate": "2003-08-27T04:00Z"
    }
  }
}

FKIE_CVE-2003-0615

Vulnerability from fkie_nvd - Published: 2003-08-27 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

References

URL	Tags
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
cve@mitre.org	http://marc.info/?l=bugtraq&m=105880349328877&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=106018783704468&w=2
cve@mitre.org	http://marc.info/?l=full-disclosure&m=105875211018698&w=2
cve@mitre.org	http://secunia.com/advisories/13638
cve@mitre.org	http://securitytracker.com/id?1007234
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
cve@mitre.org	http://www.ciac.org/ciac/bulletins/n-155.shtml
cve@mitre.org	http://www.debian.org/security/2003/dsa-371
cve@mitre.org	http://www.kb.cert.org/vuls/id/246409	US Government Resource
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-256.html
cve@mitre.org	http://www.securityfocus.com/bid/8231	Patch, Vendor Advisory
cve@mitre.org	http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=105880349328877&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=106018783704468&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=105875211018698&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13638
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1007234
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ciac.org/ciac/bulletins/n-155.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2003/dsa-371
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/246409	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-256.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/8231	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470

Impacted products

Vendor	Product	Version
cgi.pm	cgi.pm	2.73
cgi.pm	cgi.pm	2.74
cgi.pm	cgi.pm	2.75
cgi.pm	cgi.pm	2.76
cgi.pm	cgi.pm	2.78
cgi.pm	cgi.pm	2.79
cgi.pm	cgi.pm	2.93
cgi.pm	cgi.pm	2.751
cgi.pm	cgi.pm	2.753
openpkg	openpkg	1.2
openpkg	openpkg	1.3
openpkg	openpkg	current
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0
debian	debian_linux	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "0621A90A-5B7E-4B6C-A55E-DCFB26C833C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "39FCDC55-8C02-425D-B314-AFA337D6787E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D431DA-E195-4FBC-8746-47352131FD2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2D3333-7A7E-416A-A540-49CB65ED1E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B0873-8430-4331-8059-C4A21DF6C969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE0ECE1B-36BB-4523-8DAD-0404E1D48A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "F213FC8F-1F7C-4A6A-AC6B-7F644E614AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DEDBBEF-303E-4827-8E3C-462C03F9F4F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EAD58C1-FE0F-4BBC-8472-98DFF7191D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ADD463-E918-4F4D-9FA7-D109EBC98BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B96764-9241-4586-9FA5-77D8D8EBE3BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
              "matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
              "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
              "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en par\u00e1metro \"action\" del formulario."
    }
  ],
  "id": "CVE-2003-0615",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1007234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/246409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1007234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/246409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/8231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8J4W-MR68-R956

Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2022-04-29 01:26

Details

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0615"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-08-27T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form\u0027s action parameter.",
  "id": "GHSA-8j4w-mr68-r956",
  "modified": "2022-04-29T01:26:42Z",
  "published": "2022-04-29T01:26:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0615"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/13638"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1007234"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-371"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/246409"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/8231"
    },
    {
      "type": "WEB",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2003-0615 (GCVE-0-2003-0615)

RHSA-2003:256

RHSA-2003:257

RHSA-2003_256

RHSA-2003_257

GSD-2003-0615

FKIE_CVE-2003-0615

GHSA-8J4W-MR68-R956

Tags

Sightings

Nomenclature