{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-09-08T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"}, {"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "FEDORA-2010-15532", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "FEDORA-2010-15405", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "USN-981-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-981-1"}, {"name": "ADV-2010-2872", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2872"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2253", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=602800", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"}, {"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"name": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "FEDORA-2010-15532", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"}, {"name": "http://www.ocert.org/advisories/ocert-2010-001.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "FEDORA-2010-15405", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=591580", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "USN-981-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-981-1"}, {"name": "ADV-2010-2872", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2872"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:25:07.548Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"}, {"name": "[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"}, {"name": "[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"name": "FEDORA-2010-15532", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"name": "FEDORA-2010-15405", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"name": "USN-981-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-981-1"}, {"name": "ADV-2010-2872", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2872"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2253", "datePublished": "2010-07-06T14:00:00", "dateReserved": "2010-06-09T00:00:00", "dateUpdated": "2024-08-07T02:25:07.548Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.01:*:*:*:*:*:*:*", "matchCriteriaId": "06E27B49-7BAB-4E73-A627-D88BC3146474", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.02:*:*:*:*:*:*:*", "matchCriteriaId": "54FD5BCD-8BBE-425D-934A-3AFF65EB4599", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.03:*:*:*:*:*:*:*", "matchCriteriaId": "6770F659-BA6A-4CB4-8009-536B4C4B05E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:0.04:*:*:*:*:*:*:*", "matchCriteriaId": "FF9F8AD9-D36C-4165-A544-F1881D1C1F42", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.00:*:*:*:*:*:*:*", "matchCriteriaId": "D7D5E204-238C-4065-99A2-910C00282632", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "56D81F9B-2A85-4AD9-943F-A78F41F763E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.02:*:*:*:*:*:*:*", "matchCriteriaId": "A24EA6C7-E23E-490E-BEBE-EE9E21495743", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.03:*:*:*:*:*:*:*", "matchCriteriaId": "F8816F70-B5D6-4B6F-951B-8171D05F513A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "37787648-A457-4C6A-BD61-826441086535", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "BB67F458-C68E-4EA5-A1D1-BF5FEEBC8CD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.06:*:*:*:*:*:*:*", "matchCriteriaId": "4BC0AE37-7D47-434A-968E-E4C624F2D722", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.07:*:*:*:*:*:*:*", "matchCriteriaId": "16D619A8-5D52-40F6-B18D-32A432E25786", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.08:*:*:*:*:*:*:*", "matchCriteriaId": "1891883F-0FF6-4A94-B75E-DA8488B7D065", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.09:*:*:*:*:*:*:*", "matchCriteriaId": "3F52490A-1D0E-44E8-AF16-77E59287CCF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "74C015CE-C41A-4E93-B037-50215E1F3C7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "9544A83F-20A2-4809-96DE-9DFF6790D113", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "AC6247C9-7222-451C-851B-1F557E4DCBE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.13:*:*:*:*:*:*:*", "matchCriteriaId": "E47CF979-1016-42DE-8775-F5E8430E0797", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.14:*:*:*:*:*:*:*", "matchCriteriaId": "26C87AE8-6671-44D2-A432-C78B2A68FBC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.15:*:*:*:*:*:*:*", "matchCriteriaId": "063D8F9E-3AF3-40AF-BFB7-BC308CE9C4AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "67BF07DA-4C08-4F2B-A823-B03B154F6322", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.17:*:*:*:*:*:*:*", "matchCriteriaId": "A2C8AC00-5CAF-4AF7-B559-10943B452F33", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18:*:*:*:*:*:*:*", "matchCriteriaId": "58343CB3-C9BB-4631-9A6E-3191A9284621", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18_03:*:*:*:*:*:*:*", "matchCriteriaId": "BDA300D7-C631-4713-B48A-62F2F2F0C4D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18_04:*:*:*:*:*:*:*", "matchCriteriaId": "5A079F29-9629-4252-A942-7BAB86C24FA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.18_05:*:*:*:*:*:*:*", "matchCriteriaId": "6BB16DD1-9412-4B35-B4BD-041D5C913BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.19:*:*:*:*:*:*:*", "matchCriteriaId": "9435AC92-6A94-4340-99AD-FE8291A2344B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "58AF1D73-B81D-4A99-B2AB-4E4783A9CD22", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.21:*:*:*:*:*:*:*", "matchCriteriaId": "F4959DAC-C4B5-4303-8860-A4DDECEEEBA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "F22ADE9D-EB02-4AE4-8E6F-DDCBC5980B17", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.30:*:*:*:*:*:*:*", "matchCriteriaId": "8E2104E9-1D77-444F-B740-13D1B86D1D27", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.31:*:*:*:*:*:*:*", "matchCriteriaId": "13260089-5A6C-42F1-A664-50650222D190", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.32:*:*:*:*:*:*:*", "matchCriteriaId": "4EDCD700-874E-4796-82E2-60BC6C83079A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.33:*:*:*:*:*:*:*", "matchCriteriaId": "8F3AF322-77F8-40E2-BEB1-17A921A541A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.34:*:*:*:*:*:*:*", "matchCriteriaId": "8678804B-D69B-4D65-9D3C-524273BC02D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.35:*:*:*:*:*:*:*", "matchCriteriaId": "A49A8A5D-B4C9-4CC8-B402-31CDADE75F05", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.36:*:*:*:*:*:*:*", "matchCriteriaId": "F6F7B513-6020-45DB-8FD1-14F79B6A2560", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.41:*:*:*:*:*:*:*", "matchCriteriaId": "E3F41762-D116-4FE1-92E4-CA096E71FD81", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.42:*:*:*:*:*:*:*", "matchCriteriaId": "C6F430D0-CAA8-4F91-AD6E-52D1BFF5101A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.43:*:*:*:*:*:*:*", "matchCriteriaId": "55594C25-80EC-4B58-BF8A-902D5662992C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.44:*:*:*:*:*:*:*", "matchCriteriaId": "215C0292-644E-488D-BC6C-63E98225AA33", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.45:*:*:*:*:*:*:*", "matchCriteriaId": "C5190425-E9E3-48E7-B625-222806C8E88D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.46:*:*:*:*:*:*:*", "matchCriteriaId": "F53041EC-1540-4B2D-86B4-1DB4CCE2B453", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.47:*:*:*:*:*:*:*", "matchCriteriaId": "1004318D-57A5-4FCC-8A91-9FF610467CC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.48:*:*:*:*:*:*:*", "matchCriteriaId": "B0A81A02-F7D5-46A7-86E6-877A1D40BFB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.49:*:*:*:*:*:*:*", "matchCriteriaId": "157C4014-7703-4142-A403-8F63DA8E43BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.50:*:*:*:*:*:*:*", "matchCriteriaId": "1EBB5E13-E2E5-475C-9E88-6EE29DDC20DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.51:*:*:*:*:*:*:*", "matchCriteriaId": "60D68CF8-7094-4D09-865D-329BB2FBEFCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.52:*:*:*:*:*:*:*", "matchCriteriaId": "99C0FF0A-CA5A-4914-BBB5-5BFC2722196A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53:*:*:*:*:*:*:*", "matchCriteriaId": "0A1D5AC4-0945-4800-AD8A-D6A98F6AF1F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_90:*:*:*:*:*:*:*", "matchCriteriaId": "99A8703C-A536-428F-8158-BBD30D3EFC1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_91:*:*:*:*:*:*:*", "matchCriteriaId": "6BB974C9-2778-4EF1-8FCE-F85164078571", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_92:*:*:*:*:*:*:*", "matchCriteriaId": "5357B4EA-5764-41FD-88BD-7FBA43426322", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_93:*:*:*:*:*:*:*", "matchCriteriaId": "EDBD7A4F-01D4-4E96-9D05-C26599C132E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_94:*:*:*:*:*:*:*", "matchCriteriaId": "50E157EA-FA06-4BF8-B8B9-DAE9C3F0419B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_95:*:*:*:*:*:*:*", "matchCriteriaId": "CD246EF0-3EFB-4EDD-858E-1BDEC9098321", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_96:*:*:*:*:*:*:*", "matchCriteriaId": "E67947C2-4F69-44F9-832C-E072E0235330", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.53_97:*:*:*:*:*:*:*", "matchCriteriaId": "24FCB391-E806-4941-B296-76EFC86BD221", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.60:*:*:*:*:*:*:*", "matchCriteriaId": "45AEE7BD-9688-441F-9FE3-6E0B8C769FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.61:*:*:*:*:*:*:*", "matchCriteriaId": "12ACD395-500A-4B39-839F-0B5A7E03D339", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.62:*:*:*:*:*:*:*", "matchCriteriaId": "8C44DB96-8A82-4991-B84D-26242FE4D260", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.63:*:*:*:*:*:*:*", "matchCriteriaId": "C44E3346-B57D-411F-86F9-0A26202B57A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.64:*:*:*:*:*:*:*", "matchCriteriaId": "04433275-344D-451A-A827-768A422B6F05", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.65:*:*:*:*:*:*:*", "matchCriteriaId": "CE436C62-DA0D-42BA-91B3-CB1858D30D99", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.66:*:*:*:*:*:*:*", "matchCriteriaId": "92467A90-7017-4B55-ACB9-41C36C71C3D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.67:*:*:*:*:*:*:*", "matchCriteriaId": "0A9CF5A6-C455-491A-8375-58EE6920B852", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.68:*:*:*:*:*:*:*", "matchCriteriaId": "AF2BD049-2985-478B-B3A3-EF5B74E24325", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.69:*:*:*:*:*:*:*", "matchCriteriaId": "7D74F284-5D2D-44EF-AA3C-698F79D4B1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.70:*:*:*:*:*:*:*", "matchCriteriaId": "22F7EDB5-65CC-4C3D-8E00-75F321D682FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.71:*:*:*:*:*:*:*", "matchCriteriaId": "D12D849F-0AE4-4EE0-AE5D-F86131E79624", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.72:*:*:*:*:*:*:*", "matchCriteriaId": "4F06B4A9-25B9-4C85-9D9A-03FA85BBDB0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.73:*:*:*:*:*:*:*", "matchCriteriaId": "292886FF-5A47-4C46-BAC8-E74F0F2277F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.74:*:*:*:*:*:*:*", "matchCriteriaId": "96CC0D35-0066-4BEF-B91E-E2B9B10E9980", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.75:*:*:*:*:*:*:*", "matchCriteriaId": "5E08F904-3A41-4620-BE8F-BB669315B4EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.76:*:*:*:*:*:*:*", "matchCriteriaId": "6A558FD4-19A0-40C4-9C7E-B8969238E6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.77:*:*:*:*:*:*:*", "matchCriteriaId": "32A2988D-70FE-48AC-AB0A-705963FE8CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.78:*:*:*:*:*:*:*", "matchCriteriaId": "E5E8ED23-A7C7-43A9-8997-1D6C7A9E8653", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.79:*:*:*:*:*:*:*", "matchCriteriaId": "CF1791D2-804C-411F-A52E-29F430415723", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.800:*:*:*:*:*:*:*", "matchCriteriaId": "54664411-727B-4A5F-AA5F-D0A0BC620F86", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.801:*:*:*:*:*:*:*", "matchCriteriaId": "FD0D4FB9-D44A-4676-B0EA-4956D3C86D8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.802:*:*:*:*:*:*:*", "matchCriteriaId": "81427C60-A4E4-43CB-BC13-2B50DFD6D539", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.803:*:*:*:*:*:*:*", "matchCriteriaId": "CFFACF9C-BB7D-4983-BB23-2BDADADFDAD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.804:*:*:*:*:*:*:*", "matchCriteriaId": "20ACFC84-4D96-4700-9E39-BFD946F49F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.805:*:*:*:*:*:*:*", "matchCriteriaId": "AA7072DE-F375-44CB-A691-6B0D8E5DF47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.806:*:*:*:*:*:*:*", "matchCriteriaId": "1AC092A8-356A-4803-9541-010F42C87234", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.807:*:*:*:*:*:*:*", "matchCriteriaId": "2252C9A5-8978-4BD3-8155-2214A50AB959", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.808:*:*:*:*:*:*:*", "matchCriteriaId": "4A3A34B1-72A9-41EE-9130-42B0324F0007", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.810:*:*:*:*:*:*:*", "matchCriteriaId": "B3C03D76-4086-445C-AB14-55AAB1959C2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.811:*:*:*:*:*:*:*", "matchCriteriaId": "27DC828D-F942-4150-8F89-C8B44FF26805", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.812:*:*:*:*:*:*:*", "matchCriteriaId": "F1834EC0-1E38-45A2-B9E6-212F7A14148F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.813:*:*:*:*:*:*:*", "matchCriteriaId": "ED5450F3-D72C-466A-869D-4656EE588636", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.814:*:*:*:*:*:*:*", "matchCriteriaId": "D2505E7D-5EF3-4B2D-BCE4-7D0C3AC9086B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.815:*:*:*:*:*:*:*", "matchCriteriaId": "3AE44422-3F89-465B-AEF1-2BF4368D1492", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.816:*:*:*:*:*:*:*", "matchCriteriaId": "A9405D99-2A6E-4F95-AF32-66D54175467B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.817:*:*:*:*:*:*:*", "matchCriteriaId": "64BBD0A8-5FE2-4AE3-ADE5-7F7B3235364E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.818:*:*:*:*:*:*:*", "matchCriteriaId": "93CB864C-DDCC-49E7-B040-75DDEE4AED30", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.819:*:*:*:*:*:*:*", "matchCriteriaId": "F08E89B1-B914-426B-9B43-71632B7365CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.820:*:*:*:*:*:*:*", "matchCriteriaId": "F7725530-9E9E-441E-83EC-51B4E17676E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.821:*:*:*:*:*:*:*", "matchCriteriaId": "0D1D6AB6-46E7-4029-B876-D6467F98EDD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.822:*:*:*:*:*:*:*", "matchCriteriaId": "B8377175-88D1-4C22-8767-6920FBDBE1AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.823:*:*:*:*:*:*:*", "matchCriteriaId": "846D68E6-D825-4B85-A7A9-253696650822", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.824:*:*:*:*:*:*:*", "matchCriteriaId": "C4E5A525-3FC2-4567-A732-6B899C6E110F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.825:*:*:*:*:*:*:*", "matchCriteriaId": "7422834D-961A-4A8E-8875-41C932DBB980", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.826:*:*:*:*:*:*:*", "matchCriteriaId": "2C43515E-DC9D-4030-BA9C-EB4FBA70C6B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.827:*:*:*:*:*:*:*", "matchCriteriaId": "F50558F8-6983-4918-84FA-2441C2CA4496", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.828:*:*:*:*:*:*:*", "matchCriteriaId": "B5AC2B0C-989B-4196-9FC6-28072BAFFD57", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.829:*:*:*:*:*:*:*", "matchCriteriaId": "DDB9E414-F29B-4CA1-950B-60DEB44D3D74", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.830:*:*:*:*:*:*:*", "matchCriteriaId": "C62CDFBD-1D17-49CC-9DEC-8EBCEA17AF56", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.831:*:*:*:*:*:*:*", "matchCriteriaId": "E965E441-C7EC-4278-921D-022DF1554A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.832:*:*:*:*:*:*:*", "matchCriteriaId": "BB3DC4AE-DD2A-4C92-BCD8-47A654A416B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5.833:*:*:*:*:*:*:*", "matchCriteriaId": "C6BB4008-FE76-4924-8210-79C16BF1DC14", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b5:*:*:*:*:*:*:*", "matchCriteriaId": "DB02C6EC-2BF3-48FC-94A1-63731128924F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b6:*:*:*:*:*:*:*", "matchCriteriaId": "76FD2695-D659-4934-A1C2-441008AC5F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b7:*:*:*:*:*:*:*", "matchCriteriaId": "09322A2F-603A-44F1-BBF8-D9E45DA95C32", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b8:*:*:*:*:*:*:*", "matchCriteriaId": "458B74D2-6744-407A-BE7F-DDEA4965900B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b9:*:*:*:*:*:*:*", "matchCriteriaId": "29C4D3DF-9619-4072-A115-89FD16B8042F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b10:*:*:*:*:*:*:*", "matchCriteriaId": "D999201C-8E91-43D9-9A58-DF1BC46DC5C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b11:*:*:*:*:*:*:*", "matchCriteriaId": "3CAE8FC0-DB28-4126-8856-00F760917C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b12:*:*:*:*:*:*:*", "matchCriteriaId": "8E9416AF-B15C-48B0-A144-228C9F023243", "vulnerable": true}, {"criteria": "cpe:2.3:a:gisle_aas:libwww-perl:5b13:*:*:*:*:*:*:*", "matchCriteriaId": "B9AE6E07-BF65-432E-9548-966920E1272F", "vulnerable": true}, {"criteria": "cpe:2.3:a:search.cpan:libwww-perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "83E14A60-87EE-41D1-879F-1D0A253955EA", "versionEndIncluding": "5.834", "vulnerable": true}, {"criteria": "cpe:2.3:a:search.cpan:libwww-perl:5.40_01:*:*:*:*:*:*:*", "matchCriteriaId": "62BD2C77-8AA8-479A-A382-632EE81C7EA1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."}, {"lang": "es", "value": "lwp-download en libwww-perl anterior a v5.835 no rechaza las descargas de nombres de archivo que empiezan por el caracter . (punto),lo cual permite a los servidores remotos crear o sobreescribir ficheros a trav\u00e9s de (1) una redirecci\u00f3n 3xx a una URL con un nombre de archivo manipulado o (2) una cabecera \"Content-Disposition\" que sugiere un nombre de archivo manipulado, y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n como consecuencia de escibir un archivo con punto en el directorio home."}], "id": "CVE-2010-2253", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-07-06T17:17:13.360", "references": [{"source": "cve@mitre.org", "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-981-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/2872"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050232.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050245.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127411372529485&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127611288927500&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocert.org/advisories/ocert-2010-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-981-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=591580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001]", "id": "602800", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602800"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status": "draft"}, "details": ["lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory."], "name": "CVE-2010-2253", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Will not fix", "package_name": "perl-libwww-perl", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "perl-libwww-perl", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "perl-libwww-perl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "perl-libwww-perl", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2253\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2253"], "threat_severity": "Low"}

{}