{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844"}, {"name": "SUSE-SR:2011:009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"name": "FEDORA-2011-4610", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html"}, {"name": "44168", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44168"}, {"name": "43921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43921"}, {"name": "DSA-2265", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2265"}, {"name": "FEDORA-2011-4631", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336"}, {"name": "47124", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47124"}, {"name": "[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/04/35"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898"}, {"name": "MDVSA-2011:091", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091"}, {"name": "perl-laundering-security-bypass(66528)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"}, {"name": "[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/04/01/3"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.416Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844"}, {"name": "SUSE-SR:2011:009", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"name": "FEDORA-2011-4610", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html"}, {"name": "44168", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44168"}, {"name": "43921", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43921"}, {"name": "DSA-2265", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2265"}, {"name": "FEDORA-2011-4631", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336"}, {"name": "47124", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47124"}, {"name": "[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/04/35"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898"}, {"name": "MDVSA-2011:091", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091"}, {"name": "perl-laundering-security-bypass(66528)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"}, {"name": "[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/04/01/3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1487", "datePublished": "2011-04-11T18:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string."}, {"lang": "es", "value": "Las funciones (1) lc, (2) lcfirst, (3) uc, y (4) ucfirst en Perl v5.10.x, v5.11.x, y v5.12.x hasta v5.12.3, y v5.13.x hasta v5.13.11, no aplica el atributo taint para devolver el valor sobre el proceso de entrada tainted, lo que puede permitir a atacantes dependientes del contexto evitar el mecanismo de protecci\u00f3n de taint a trav\u00e9s de una cadena manipulada."}], "id": "CVE-2011-1487", "lastModified": "2024-11-21T01:26:25.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-11T18:55:03.773", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/01/3"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/04/35"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43921"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44168"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2265"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/47124"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/01/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://openwall.com/lists/oss-security/2011/04/04/35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/47124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0558", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "perl-4:5.10.1-119.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-05-19T00:00:00Z"}], "bugzilla": {"description": "perl: lc(), uc() routines are laundering tainted data", "id": "692898", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string."], "name": "CVE-2011-1487", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-03-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1487\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1487"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact, and it did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4 and 5. A future update in Red Hat Enterprise Linux 6 may address this flaw.", "threat_severity": "Low"}