CVE-2011-1589

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1589
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 Exploit
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html
http://openwall.com/lists/oss-security/2011/04/17/1 Exploit Patch
http://openwall.com/lists/oss-security/2011/04/18/3 Exploit Patch
http://openwall.com/lists/oss-security/2011/04/18/7 Exploit
http://perlninja.posterous.com/sharks-in-the-water
http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz Patch
http://secunia.com/advisories/44051 Vendor Advisory
http://secunia.com/advisories/44359
http://www.debian.org/security/2011/dsa-2221
http://www.osvdb.org/71850 Exploit
http://www.securityfocus.com/bid/47402
http://www.vupen.com/english/advisories/2011/1072
http://www.vupen.com/english/advisories/2011/1093
https://bugzilla.redhat.com/show_bug.cgi?id=697229 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66830
https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818 Patch
https://github.com/kraih/mojo/issues/114 Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999926:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999927:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999928:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999929:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999930:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999931:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999932:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999933:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999934:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999935:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999936:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999937:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999938:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999939:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999940:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999941:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:0.999950:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.01:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.11:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.12:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.13:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.14:*:*:*:*:*:*:*
cpe:2.3:a:mojolicious:mojolicious:1.15:*:*:*:*:*:*:*
History

No history.

Information

Published : 2011-04-29 22:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-1589

Mitre link : CVE-2011-1589

CVE.ORG link : CVE-2011-1589

JSON object : View

Products Affected

mojolicious

  • mojolicious
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')