6.8
CVE-2013-4407
- EPSS 2.88%
- Published 23.11.2013 18:55:04
- Last modified 29.04.2026 01:13:23
- Source secalert@redhat.com
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
Data provided by the National Vulnerability Database (NVD)
Http-body Project ≫ Http-body Version <= 1.17
Http-body Project ≫ Http-body Version 0.01
Http-body Project ≫ Http-body Version 0.2
Http-body Project ≫ Http-body Version 0.03
Http-body Project ≫ Http-body Version 0.4
Http-body Project ≫ Http-body Version 0.5
Http-body Project ≫ Http-body Version 0.6
Http-body Project ≫ Http-body Version 0.7
Http-body Project ≫ Http-body Version 0.8
Http-body Project ≫ Http-body Version 0.9
Http-body Project ≫ Http-body Version 1.00
Http-body Project ≫ Http-body Version 1.01
Http-body Project ≫ Http-body Version 1.02
Http-body Project ≫ Http-body Version 1.03
Http-body Project ≫ Http-body Version 1.04
Http-body Project ≫ Http-body Version 1.05
Http-body Project ≫ Http-body Version 1.06
Http-body Project ≫ Http-body Version 1.07
Http-body Project ≫ Http-body Version 1.08
Http-body Project ≫ Http-body Version 1.09
Http-body Project ≫ Http-body Version 1.10
Http-body Project ≫ Http-body Version 1.11
Http-body Project ≫ Http-body Version 1.12
Http-body Project ≫ Http-body Version 1.14
Http-body Project ≫ Http-body Version 1.15
Http-body Project ≫ Http-body Version 1.16
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.88% | 0.85 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=13ac5b23c083bc56e32dd706ca02fca292bd2161
http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=cc75c886256f187cda388641931e8dafad6c2346
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html
http://www.debian.org/security/2013/dsa-2801
http://www.openwall.com/lists/oss-security/2024/04/07/1
https://metacpan.org/release/GETTY/HTTP-Body-1.23/
https://www.openwall.com/lists/oss-security/2024/04/07/1