Web application abuses : Mojolicious < 1.16 Directory Traversal Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801882

Categoría: Web application abuses

Título: Mojolicious < 1.16 Directory Traversal Vulnerability - Active Check

Resumen: Mojolicious is prone to a directory traversal vulnerability.

Descripción: Summary:
Mojolicious is prone to a directory traversal vulnerability.

Vulnerability Insight:
The flaw is due to an error in 'Path.pm', which allows remote
attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

Vulnerability Impact:
Successful exploitation will allow attacker to obtain sensitive
information that could aid in further attacks.

Affected Software/OS:
Mojolicious prior to version 1.16.

Solution:
Update to version 1.16 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1589
44051
http://secunia.com/advisories/44051
44359
http://secunia.com/advisories/44359
47402
http://www.securityfocus.com/bid/47402
71850
http://www.osvdb.org/71850
ADV-2011-1072
http://www.vupen.com/english/advisories/2011/1072
ADV-2011-1093
http://www.vupen.com/english/advisories/2011/1093
DSA-2221
http://www.debian.org/security/2011/dsa-2221
FEDORA-2011-5504
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html
FEDORA-2011-5505
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html
[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability
http://openwall.com/lists/oss-security/2011/04/17/1
[oss-security] 20110418 CVE request: Mojolicious
http://openwall.com/lists/oss-security/2011/04/18/3
[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability
http://openwall.com/lists/oss-security/2011/04/18/7
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
http://perlninja.posterous.com/sharks-in-the-water
http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
https://bugzilla.redhat.com/show_bug.cgi?id=697229
https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
https://github.com/kraih/mojo/issues/114
mojolicious-url-directory-traversal(66830)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66830

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801882
Categoría:	Web application abuses
Título:	Mojolicious < 1.16 Directory Traversal Vulnerability - Active Check
Resumen:	Mojolicious is prone to a directory traversal vulnerability.
Descripción:	Summary: Mojolicious is prone to a directory traversal vulnerability. Vulnerability Insight: The flaw is due to an error in 'Path.pm', which allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI. Vulnerability Impact: Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Affected Software/OS: Mojolicious prior to version 1.16. Solution: Update to version 1.16 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1589 44051 http://secunia.com/advisories/44051 44359 http://secunia.com/advisories/44359 47402 http://www.securityfocus.com/bid/47402 71850 http://www.osvdb.org/71850 ADV-2011-1072 http://www.vupen.com/english/advisories/2011/1072 ADV-2011-1093 http://www.vupen.com/english/advisories/2011/1093 DSA-2221 http://www.debian.org/security/2011/dsa-2221 FEDORA-2011-5504 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html FEDORA-2011-5505 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html [oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability http://openwall.com/lists/oss-security/2011/04/17/1 [oss-security] 20110418 CVE request: Mojolicious http://openwall.com/lists/oss-security/2011/04/18/3 [oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability http://openwall.com/lists/oss-security/2011/04/18/7 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes http://perlninja.posterous.com/sharks-in-the-water http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz https://bugzilla.redhat.com/show_bug.cgi?id=697229 https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818 https://github.com/kraih/mojo/issues/114 mojolicious-url-directory-traversal(66830) https://exchange.xforce.ibmcloud.com/vulnerabilities/66830
Copyright	Copyright (C) 2011 Greenbone AG