CVE-2011-1589

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://perlninja.posterous.com/sharks-in-the-water", "name": "http://perlninja.posterous.com/sharks-in-the-water", "tags": [], "refsource": "MISC"}, {"url": "http://openwall.com/lists/oss-security/2011/04/17/1", "name": "[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability", "tags": ["Exploit", "Patch"], "refsource": "MLIST"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=697229", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=697229", "tags": ["Exploit", "Patch"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2011/04/18/3", "name": "[oss-security] 20110418 CVE request: Mojolicious", "tags": ["Exploit", "Patch"], "refsource": "MLIST"}, {"url": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz", "name": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/71850", "name": "71850", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes", "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes", "tags": [], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2011/04/18/7", "name": "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability", "tags": ["Exploit"], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/47402", "name": "47402", "tags": [], "refsource": "BID"}, {"url": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818", "name": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://github.com/kraih/mojo/issues/114", "name": "https://github.com/kraih/mojo/issues/114", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/44051", "name": "44051", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/1093", "name": "ADV-2011-1093", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2011/1072", "name": "ADV-2011-1072", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/44359", "name": "44359", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html", "name": "FEDORA-2011-5504", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.debian.org/security/2011/dsa-2221", "name": "DSA-2221", "tags": [], "refsource": "DEBIAN"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html", "name": "FEDORA-2011-5505", "tags": [], "refsource": "FEDORA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830", "name": "mojolicious-url-directory-traversal(66830)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1589", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-29T22:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999933:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999932:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999926:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999934:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999927:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999935:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999928:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999941:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999930:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999940:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999938:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999950:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999939:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:1.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999929:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999931:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999937:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.999936:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:34Z"}