CVE-2011-1487

Published Apr 11, 2011
Last updated a month ago
CVSS info 5.0
Overview

Description: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Source: secalert@redhat.com
NVD status: Deferred
Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-264
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
