Executive Summary



This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
Informations
Name CVE-2011-2201 First vendor Publication 2011-09-14
Vendor Cve Last vendor Modification 2011-09-14

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2201

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 72
Application 1

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for perl-Data-FormValidator FEDORA-2011-11680
File : nvt/gb_fedora_2011_11680_perl-Data-FormValidator_fc16.nasl
2011-09-12 Name : Fedora Update for perl-Data-FormValidator FEDORA-2011-11756
File : nvt/gb_fedora_2011_11756_perl-Data-FormValidator_fc15.nasl
2011-09-12 Name : Fedora Update for perl-Data-FormValidator FEDORA-2011-11805
File : nvt/gb_fedora_2011_11805_perl-Data-FormValidator_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
72962 Perl Data::FormValidator Module D::F::Results Field Validation Bypass

Nessus® Vulnerability Scanner

Date Description
2011-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11756.nasl - Type : ACT_GATHER_INFO
2011-09-09 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11805.nasl - Type : ACT_GATHER_INFO
2011-09-07 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11680.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/48167
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511
https://bugzilla.redhat.com/show_bug.cgi?id=712694
https://rt.cpan.org/Public/Bug/Display.html?id=61792
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0654...
MLIST http://www.openwall.com/lists/oss-security/2011/06/12/3
http://www.openwall.com/lists/oss-security/2011/06/13/13
http://www.openwall.com/lists/oss-security/2011/06/13/5

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2019-05-10 12:03:57
  • Multiple Updates
2016-06-29 00:20:43
  • Multiple Updates
2016-04-26 20:48:22
  • Multiple Updates
2014-02-17 11:02:51
  • Multiple Updates
2013-05-10 23:01:31
  • Multiple Updates