CVE-2013-4407
Description
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded files name after the first . character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
0.83
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| libhttp-body-perl security update(DSA-2801-1) libhttp-body-perl_1.22-1_all.deb | Linux |
| libhttp-body-perl security update(DSA-2801-1) libhttp-body-perl_1.11-1+deb7u1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234