
CVE ID: CVE-2011-1487
Description: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Test IDs: 1.3.6.1.4.1.25623.1.0.69487 1.3.6.1.4.1.25623.1.0.69971 1.3.6.1.4.1.25623.1.0.801771 1.3.6.1.4.1.25623.1.0.862981 1.3.6.1.4.1.25623.1.0.831401
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-1487
BugTraq ID: 47124
http://www.securityfocus.com/bid/47124
Debian Security Information: DSA-2265
http://www.debian.org/security/2011/dsa-2265
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
XForce ISS Database: perl-laundering-security-bypass(66528)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528




© 1998-2021 E-Soft Inc. All rights reserved.