Vulnerability Name:

CVE-2010-2253 (CCN-60204)

Assigned: 2010-05-17
Published: 2010-05-17
Updated: 2018-10-30
Summary: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-20
Vulnerability Consequences: File Manipulation
References:

Source: CONFIRM
Type: UNKNOWN
http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes

Source: MITRE
Type: CNA
CVE-2010-2253

Source: CCN
Type: libwww-perl Web page
libwww-perl

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-15405

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-15532

Source: CCN
Type: oss-security Mailing List, 2010-05-17 12:03:22
2010-001 multiple http client unexpected download filename vulnerability

Source: MLIST
Type: UNKNOWN
[oss-security] 20100517 [oCERT-2010-001] multiple http client unexpected download filename vulnerability

Source: MLIST
Type: UNKNOWN
[oss-security] 20100609 Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability

Source: MISC
Type: UNKNOWN
http://www.ocert.org/advisories/ocert-2010-001.html

Source: CCN
Type: OSVDB ID: 66107
libwww-perl lwp-download Multiple Header Dot Character Arbitrary File Overwrite

Source: CCN
Type: BID-65722
GNU Wget CVE-2010-2252 Arbitrary File Overwrite Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-981-1

Source: VUPEN
Type: UNKNOWN
ADV-2010-2872

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=591580

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=602800

Source: XF
Type: UNKNOWN
libwwwperl-lwpdownload-file-overwrite(60204)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gisle_aas:libwww-perl:0.01:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:0.02:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:0.03:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:0.04:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.00:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.07:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.08:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.09:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.10:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.13:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.14:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.15:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.16:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.17:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.18:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.18_03:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.18_04:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.18_05:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.19:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.20:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.21:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.22:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.30:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.31:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.32:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.33:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.34:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.35:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.36:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.41:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.42:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.43:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.44:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.45:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.46:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.47:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.48:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.49:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.50:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.51:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.52:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_90:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_91:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_92:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_93:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_94:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_95:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_96:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.53_97:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.60:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.61:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.62:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.63:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.64:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.65:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.66:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.67:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.68:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.69:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.70:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.71:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.72:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.73:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.74:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.75:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.76:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.77:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.78:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.79:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.800:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.801:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.802:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.803:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.804:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.805:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.806:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.807:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.808:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.810:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.811:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.812:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.813:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.814:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.815:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.816:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.817:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.818:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.819:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.820:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.821:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.822:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.823:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.824:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.825:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.826:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.827:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.828:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.829:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.830:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.831:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.832:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5.833:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b5:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b6:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b7:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b8:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b9:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b10:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b11:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b12:*:*:*:*:*:*:*
  • OR cpe:/a:gisle_aas:libwww-perl:5b13:*:*:*:*:*:*:*
  • OR cpe:/a:search.cpan:libwww-perl:5.40_01:*:*:*:*:*:*:*
  • OR cpe:/a:search.cpan:libwww-perl:*:*:*:*:*:*:*:* (Version <= 5.834)

Configuration CCN 1:
  • cpe:/a:search.cpan:libwww-perl:5.40_01:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:13202
Class: P
Title: USN-981-1 -- libwww-perl vulnerability
Last Modified: 2014-06-30