CVE-2011-3597

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://secunia.com/advisories/46279	Vendor Advisory
http://secunia.com/advisories/51457
http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
http://www.redhat.com/support/errata/RHSA-2011-1424.html
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://www.securityfocus.com/bid/49911
http://www.ubuntu.com/usn/USN-1643-1
https://bugzilla.redhat.com/show_bug.cgi?id=743010	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://secunia.com/advisories/46279	Vendor Advisory
http://secunia.com/advisories/51457
http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
http://www.redhat.com/support/errata/RHSA-2011-1424.html
http://www.redhat.com/support/errata/RHSA-2011-1797.html
http://www.securityfocus.com/bid/49911
http://www.ubuntu.com/usn/USN-1643-1
https://bugzilla.redhat.com/show_bug.cgi?id=743010	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gisle_aas:digest:1.00:::::::*
	cpe:2.3:a:gisle_aas:digest:1.01:::::::*
	cpe:2.3:a:gisle_aas:digest:1.02:::::::*
	cpe:2.3:a:gisle_aas:digest:1.03:::::::*
	cpe:2.3:a:gisle_aas:digest:1.04:::::::*
	cpe:2.3:a:gisle_aas:digest:1.05:::::::*
	cpe:2.3:a:gisle_aas:digest:1.06:::::::*
	cpe:2.3:a:gisle_aas:digest:1.07:::::::*
	cpe:2.3:a:gisle_aas:digest:1.08:::::::*
	cpe:2.3:a:gisle_aas:digest:1.09:::::::*
	cpe:2.3:a:gisle_aas:digest:1.10:::::::*
	cpe:2.3:a:gisle_aas:digest:1.11:::::::*
	cpe:2.3:a:gisle_aas:digest:1.12:::::::*
	cpe:2.3:a:gisle_aas:digest:1.13:::::::*
	cpe:2.3:a:gisle_aas:digest:1.14:::::::*
	cpe:2.3:a:gisle_aas:digest:1.15:::::::*
	cpe:2.3:a:gisle_aas:digest:1.16:::::::*

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc -~~	() http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc -
References	~~() http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes -~~	() http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes -
References	~~() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 -~~	() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 -
References	~~() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 -~~	() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 -
References	~~() http://secunia.com/advisories/46279 - Vendor Advisory~~	() http://secunia.com/advisories/46279 - Vendor Advisory
References	~~() http://secunia.com/advisories/51457 -~~	() http://secunia.com/advisories/51457 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:009 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:009 -
References	~~() http://www.redhat.com/support/errata/RHSA-2011-1424.html -~~	() http://www.redhat.com/support/errata/RHSA-2011-1424.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2011-1797.html -~~	() http://www.redhat.com/support/errata/RHSA-2011-1797.html -
References	~~() http://www.securityfocus.com/bid/49911 -~~	() http://www.securityfocus.com/bid/49911 -
References	~~() http://www.ubuntu.com/usn/USN-1643-1 -~~	() http://www.ubuntu.com/usn/USN-1643-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=743010 - Patch~~	() https://bugzilla.redhat.com/show_bug.cgi?id=743010 - Patch
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446 -

Information

Published : 2012-01-13 18:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-3597

Mitre link : CVE-2011-3597

CVE.ORG link : CVE-2011-3597

JSON object : View

Products Affected

gisle_aas

digest

CWE

CWE-20

Improper Input Validation

7.5 /10