Bug 602800 (CVE-2010-2253)
| Field | Value |
|---|---|
| Summary | CVE-2010-2253 perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001] |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Vincent Danen <vdanen> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX |
| Severity | low |
| Priority | low |
| Version | unspecified |
| CC | jlieskov, mjc, mmaslano, security-response-team |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| URL | http://www.ocert.org/advisories/ocert-2010-001.html |
| Doc Type | Bug Fix |
| Clone Of | CVE-2010-2251 |
| Last Closed | 2021-06-11 21:04:17 UTC |
| Bug Depends On | 637788 |
Description
Vincent Danen
2010-06-10 19:22:39 UTC
Created attachment 448870
lwp-download patch
Patch from upstream:
commit 2f7ce2e0fc25c85806295142f9ec8d082c072c56
Author: Gisle Aas <gisle>
Date: Mon Feb 8 21:59:28 2010 +0100
lwp-download now needs the -s option to honor the Content-Disposition header
This issue is not planned to be fixed in Red Hat Certificate System v7.2 and 7.3, where only qualified security errata of critical impact are addressed. http://www.redhat.com/security/updates/certificate/

lwp-download is a sample application shipped with perl-libwww-perl which is affected by this vulnerability. However, the libwww perl library is not affected. Perl scripts would use the LWP library in order to download files, hence the scope of this vulnerability is limited to the sample script.

Created perl-libwww-perl tracking bugs for this issue.
Affects: fedora-all [bug 637788]

This issue affects the versions of the perl-libwww-perl package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.

This issue affects the versions of the perl-libwww-perl package, as shipped with Fedora releases 12 and 13.

Statement: This issue affects the versions of the perl-libwww-perl package, as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2010-2253