FKIE_CVE-2010-2253

Vulnerability from fkie_nvd - Published: 2010-07-06 17:17 - Updated: 2025-04-11 00:51
Severity ?
Summary
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
References
cve@mitre.orghttp://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html
cve@mitre.orghttp://marc.info/?l=oss-security&m=127411372529485&w=2
cve@mitre.orghttp://marc.info/?l=oss-security&m=127611288927500&w=2
cve@mitre.orghttp://www.ocert.org/advisories/ocert-2010-001.html
cve@mitre.orghttp://www.ubuntu.com/usn/USN-981-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2872
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=591580
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=602800
af854a3a-2127-422b-91ae-364da2661108http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=127411372529485&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=127611288927500&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2010-001.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-981-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2872
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=591580
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=602800
Impacted products
Vendor Product Version
gisle_aas libwww-perl 0.01
gisle_aas libwww-perl 0.02
gisle_aas libwww-perl 0.03
gisle_aas libwww-perl 0.04
gisle_aas libwww-perl 5.00
gisle_aas libwww-perl 5.01
gisle_aas libwww-perl 5.02
gisle_aas libwww-perl 5.03
gisle_aas libwww-perl 5.04
gisle_aas libwww-perl 5.05
gisle_aas libwww-perl 5.06
gisle_aas libwww-perl 5.07
gisle_aas libwww-perl 5.08
gisle_aas libwww-perl 5.09
gisle_aas libwww-perl 5.10
gisle_aas libwww-perl 5.11
gisle_aas libwww-perl 5.12
gisle_aas libwww-perl 5.13
gisle_aas libwww-perl 5.14
gisle_aas libwww-perl 5.15
gisle_aas libwww-perl 5.16
gisle_aas libwww-perl 5.17
gisle_aas libwww-perl 5.18
gisle_aas libwww-perl 5.18_03
gisle_aas libwww-perl 5.18_04
gisle_aas libwww-perl 5.18_05
gisle_aas libwww-perl 5.19
gisle_aas libwww-perl 5.20
gisle_aas libwww-perl 5.21
gisle_aas libwww-perl 5.22
gisle_aas libwww-perl 5.30
gisle_aas libwww-perl 5.31
gisle_aas libwww-perl 5.32
gisle_aas libwww-perl 5.33
gisle_aas libwww-perl 5.34
gisle_aas libwww-perl 5.35
gisle_aas libwww-perl 5.36
gisle_aas libwww-perl 5.41
gisle_aas libwww-perl 5.42
gisle_aas libwww-perl 5.43
gisle_aas libwww-perl 5.44
gisle_aas libwww-perl 5.45
gisle_aas libwww-perl 5.46
gisle_aas libwww-perl 5.47
gisle_aas libwww-perl 5.48
gisle_aas libwww-perl 5.49
gisle_aas libwww-perl 5.50
gisle_aas libwww-perl 5.51
gisle_aas libwww-perl 5.52
gisle_aas libwww-perl 5.53
gisle_aas libwww-perl 5.53_90
gisle_aas libwww-perl 5.53_91
gisle_aas libwww-perl 5.53_92
gisle_aas libwww-perl 5.53_93
gisle_aas libwww-perl 5.53_94
gisle_aas libwww-perl 5.53_95
gisle_aas libwww-perl 5.53_96
gisle_aas libwww-perl 5.53_97
gisle_aas libwww-perl 5.60
gisle_aas libwww-perl 5.61
gisle_aas libwww-perl 5.62
gisle_aas libwww-perl 5.63
gisle_aas libwww-perl 5.64
gisle_aas libwww-perl 5.65
gisle_aas libwww-perl 5.66
gisle_aas libwww-perl 5.67
gisle_aas libwww-perl 5.68
gisle_aas libwww-perl 5.69
gisle_aas libwww-perl 5.70
gisle_aas libwww-perl 5.71
gisle_aas libwww-perl 5.72
gisle_aas libwww-perl 5.73
gisle_aas libwww-perl 5.74
gisle_aas libwww-perl 5.75
gisle_aas libwww-perl 5.76
gisle_aas libwww-perl 5.77
gisle_aas libwww-perl 5.78
gisle_aas libwww-perl 5.79
gisle_aas libwww-perl 5.800
gisle_aas libwww-perl 5.801
gisle_aas libwww-perl 5.802
gisle_aas libwww-perl 5.803
gisle_aas libwww-perl 5.804
gisle_aas libwww-perl 5.805
gisle_aas libwww-perl 5.806
gisle_aas libwww-perl 5.807
gisle_aas libwww-perl 5.808
gisle_aas libwww-perl 5.810
gisle_aas libwww-perl 5.811
gisle_aas libwww-perl 5.812
gisle_aas libwww-perl 5.813
gisle_aas libwww-perl 5.814
gisle_aas libwww-perl 5.815
gisle_aas libwww-perl 5.816
gisle_aas libwww-perl 5.817
gisle_aas libwww-perl 5.818
gisle_aas libwww-perl 5.819
gisle_aas libwww-perl 5.820
gisle_aas libwww-perl 5.821
gisle_aas libwww-perl 5.822
gisle_aas libwww-perl 5.823
gisle_aas libwww-perl 5.824
gisle_aas libwww-perl 5.825
gisle_aas libwww-perl 5.826
gisle_aas libwww-perl 5.827
gisle_aas libwww-perl 5.828
gisle_aas libwww-perl 5.829
gisle_aas libwww-perl 5.830
gisle_aas libwww-perl 5.831
gisle_aas libwww-perl 5.832
gisle_aas libwww-perl 5.833
gisle_aas libwww-perl 5b5
gisle_aas libwww-perl 5b6
gisle_aas libwww-perl 5b7
gisle_aas libwww-perl 5b8
gisle_aas libwww-perl 5b9
gisle_aas libwww-perl 5b10
gisle_aas libwww-perl 5b11
gisle_aas libwww-perl 5b12
gisle_aas libwww-perl 5b13
search.cpan libwww-perl *
search.cpan libwww-perl 5.40_01
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E27B49-7BAB-4E73-A627-D88BC3146474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FD5BCD-8BBE-425D-934A-3AFF65EB4599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770F659-BA6A-4CB4-8009-536B4C4B05E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9F8AD9-D36C-4165-A544-F1881D1C1F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D5E204-238C-4065-99A2-910C00282632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D81F9B-2A85-4AD9-943F-A78F41F763E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24EA6C7-E23E-490E-BEBE-EE9E21495743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8816F70-B5D6-4B6F-951B-8171D05F513A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "37787648-A457-4C6A-BD61-826441086535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB67F458-C68E-4EA5-A1D1-BF5FEEBC8CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BC0AE37-7D47-434A-968E-E4C624F2D722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D619A8-5D52-40F6-B18D-32A432E25786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "1891883F-0FF6-4A94-B75E-DA8488B7D065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F52490A-1D0E-44E8-AF16-77E59287CCF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C015CE-C41A-4E93-B037-50215E1F3C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9544A83F-20A2-4809-96DE-9DFF6790D113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC6247C9-7222-451C-851B-1F557E4DCBE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E47CF979-1016-42DE-8775-F5E8430E0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C87AE8-6671-44D2-A432-C78B2A68FBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "063D8F9E-3AF3-40AF-BFB7-BC308CE9C4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "67BF07DA-4C08-4F2B-A823-B03B154F6322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C8AC00-5CAF-4AF7-B559-10943B452F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "58343CB3-C9BB-4631-9A6E-3191A9284621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18_03:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA300D7-C631-4713-B48A-62F2F2F0C4D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18_04:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A079F29-9629-4252-A942-7BAB86C24FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18_05:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB16DD1-9412-4B35-B4BD-041D5C913BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9435AC92-6A94-4340-99AD-FE8291A2344B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "58AF1D73-B81D-4A99-B2AB-4E4783A9CD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4959DAC-C4B5-4303-8860-A4DDECEEEBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22ADE9D-EB02-4AE4-8E6F-DDCBC5980B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E2104E9-1D77-444F-B740-13D1B86D1D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "13260089-5A6C-42F1-A664-50650222D190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDCD700-874E-4796-82E2-60BC6C83079A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F3AF322-77F8-40E2-BEB1-17A921A541A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "8678804B-D69B-4D65-9D3C-524273BC02D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A49A8A5D-B4C9-4CC8-B402-31CDADE75F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F7B513-6020-45DB-8FD1-14F79B6A2560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F41762-D116-4FE1-92E4-CA096E71FD81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F430D0-CAA8-4F91-AD6E-52D1BFF5101A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "55594C25-80EC-4B58-BF8A-902D5662992C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "215C0292-644E-488D-BC6C-63E98225AA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5190425-E9E3-48E7-B625-222806C8E88D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53041EC-1540-4B2D-86B4-1DB4CCE2B453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "1004318D-57A5-4FCC-8A91-9FF610467CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A81A02-F7D5-46A7-86E6-877A1D40BFB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "157C4014-7703-4142-A403-8F63DA8E43BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBB5E13-E2E5-475C-9E88-6EE29DDC20DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D68CF8-7094-4D09-865D-329BB2FBEFCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C0FF0A-CA5A-4914-BBB5-5BFC2722196A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A1D5AC4-0945-4800-AD8A-D6A98F6AF1F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_90:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A8703C-A536-428F-8158-BBD30D3EFC1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_91:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB974C9-2778-4EF1-8FCE-F85164078571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_92:*:*:*:*:*:*:*",
              "matchCriteriaId": "5357B4EA-5764-41FD-88BD-7FBA43426322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_93:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDBD7A4F-01D4-4E96-9D05-C26599C132E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_94:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E157EA-FA06-4BF8-B8B9-DAE9C3F0419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_95:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD246EF0-3EFB-4EDD-858E-1BDEC9098321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_96:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67947C2-4F69-44F9-832C-E072E0235330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_97:*:*:*:*:*:*:*",
              "matchCriteriaId": "24FCB391-E806-4941-B296-76EFC86BD221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AEE7BD-9688-441F-9FE3-6E0B8C769FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "12ACD395-500A-4B39-839F-0B5A7E03D339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C44DB96-8A82-4991-B84D-26242FE4D260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "C44E3346-B57D-411F-86F9-0A26202B57A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "04433275-344D-451A-A827-768A422B6F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE436C62-DA0D-42BA-91B3-CB1858D30D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "92467A90-7017-4B55-ACB9-41C36C71C3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9CF5A6-C455-491A-8375-58EE6920B852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF2BD049-2985-478B-B3A3-EF5B74E24325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D74F284-5D2D-44EF-AA3C-698F79D4B1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F7EDB5-65CC-4C3D-8E00-75F321D682FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12D849F-0AE4-4EE0-AE5D-F86131E79624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06B4A9-25B9-4C85-9D9A-03FA85BBDB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "292886FF-5A47-4C46-BAC8-E74F0F2277F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CC0D35-0066-4BEF-B91E-E2B9B10E9980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E08F904-3A41-4620-BE8F-BB669315B4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A558FD4-19A0-40C4-9C7E-B8969238E6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A2988D-70FE-48AC-AB0A-705963FE8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8ED23-A7C7-43A9-8997-1D6C7A9E8653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF1791D2-804C-411F-A52E-29F430415723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.800:*:*:*:*:*:*:*",
              "matchCriteriaId": "54664411-727B-4A5F-AA5F-D0A0BC620F86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.801:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0D4FB9-D44A-4676-B0EA-4956D3C86D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.802:*:*:*:*:*:*:*",
              "matchCriteriaId": "81427C60-A4E4-43CB-BC13-2B50DFD6D539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFFACF9C-BB7D-4983-BB23-2BDADADFDAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.804:*:*:*:*:*:*:*",
              "matchCriteriaId": "20ACFC84-4D96-4700-9E39-BFD946F49F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.805:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7072DE-F375-44CB-A691-6B0D8E5DF47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.806:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC092A8-356A-4803-9541-010F42C87234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.807:*:*:*:*:*:*:*",
              "matchCriteriaId": "2252C9A5-8978-4BD3-8155-2214A50AB959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.808:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3A34B1-72A9-41EE-9130-42B0324F0007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.810:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C03D76-4086-445C-AB14-55AAB1959C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.811:*:*:*:*:*:*:*",
              "matchCriteriaId": "27DC828D-F942-4150-8F89-C8B44FF26805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.812:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1834EC0-1E38-45A2-B9E6-212F7A14148F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.813:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED5450F3-D72C-466A-869D-4656EE588636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.814:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2505E7D-5EF3-4B2D-BCE4-7D0C3AC9086B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.815:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE44422-3F89-465B-AEF1-2BF4368D1492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.816:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9405D99-2A6E-4F95-AF32-66D54175467B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.817:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BBD0A8-5FE2-4AE3-ADE5-7F7B3235364E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.818:*:*:*:*:*:*:*",
              "matchCriteriaId": "93CB864C-DDCC-49E7-B040-75DDEE4AED30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.819:*:*:*:*:*:*:*",
              "matchCriteriaId": "F08E89B1-B914-426B-9B43-71632B7365CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.820:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7725530-9E9E-441E-83EC-51B4E17676E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.821:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1D6AB6-46E7-4029-B876-D6467F98EDD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.822:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8377175-88D1-4C22-8767-6920FBDBE1AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.823:*:*:*:*:*:*:*",
              "matchCriteriaId": "846D68E6-D825-4B85-A7A9-253696650822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.824:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E5A525-3FC2-4567-A732-6B899C6E110F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.825:*:*:*:*:*:*:*",
              "matchCriteriaId": "7422834D-961A-4A8E-8875-41C932DBB980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.826:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C43515E-DC9D-4030-BA9C-EB4FBA70C6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.827:*:*:*:*:*:*:*",
              "matchCriteriaId": "F50558F8-6983-4918-84FA-2441C2CA4496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.828:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AC2B0C-989B-4196-9FC6-28072BAFFD57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.829:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDB9E414-F29B-4CA1-950B-60DEB44D3D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.830:*:*:*:*:*:*:*",
              "matchCriteriaId": "C62CDFBD-1D17-49CC-9DEC-8EBCEA17AF56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.831:*:*:*:*:*:*:*",
              "matchCriteriaId": "E965E441-C7EC-4278-921D-022DF1554A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.832:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB3DC4AE-DD2A-4C92-BCD8-47A654A416B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.833:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6BB4008-FE76-4924-8210-79C16BF1DC14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB02C6EC-2BF3-48FC-94A1-63731128924F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76FD2695-D659-4934-A1C2-441008AC5F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09322A2F-603A-44F1-BBF8-D9E45DA95C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b8:*:*:*:*:*:*:*",
              "matchCriteriaId": "458B74D2-6744-407A-BE7F-DDEA4965900B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b9:*:*:*:*:*:*:*",
              "matchCriteriaId": "29C4D3DF-9619-4072-A115-89FD16B8042F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D999201C-8E91-43D9-9A58-DF1BC46DC5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAE8FC0-DB28-4126-8856-00F760917C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E9416AF-B15C-48B0-A144-228C9F023243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9AE6E07-BF65-432E-9548-966920E1272F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:search.cpan:libwww-perl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E14A60-87EE-41D1-879F-1D0A253955EA",
              "versionEndIncluding": "5.834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:search.cpan:libwww-perl:5.40_01:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BD2C77-8AA8-479A-A382-632EE81C7EA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."
    },
    {
      "lang": "es",
      "value": "lwp-download en libwww-perl anterior a v5.835 no rechaza las descargas de nombres de archivo que empiezan por el caracter . (punto),lo cual permite a los servidores remotos crear o sobreescribir ficheros a trav\u00e9s de (1) una redirecci\u00f3n 3xx a una URL con un nombre de archivo manipulado o (2) una cabecera \"Content-Disposition\" que sugiere un nombre de archivo manipulado, y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n como consecuencia de escibir un archivo con punto en el directorio home."
    }
  ],
  "id": "CVE-2010-2253",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-07-06T17:17:13.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-981-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/2872"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127411372529485\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127611288927500\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2010-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-981-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.