oss-sec mailing list archives
"New Class of Vulnerability in Perl Web Applications"
From: Solar Designer <solar () openwall com>
Date: Tue, 7 Oct 2014 15:13:51 +0400
Hi,

I feel this is worth bringing in here (and I wish someone wrote a proper mailing list posting with this info, to have it properly archived):

New Class of Vulnerability in Perl Web Applications
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

"While perl may have a particularly subtle manifestation, this is not Perl-specific."
http://www.reddit.com/r/netsec/comments/2ihen0/new_class_of_vulnerability_in_perl_web/

Bugzilla 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory
http://www.bugzilla.org/security/4.0.14/

Bug 1074812 - (CVE-2014-1572) [SECURITY] The 'realname' parameter is not correctly filtered on user account creation, leading to user data override
https://bugzilla.mozilla.org/show_bug.cgi?id=1074812

http://www.opennet.ru/opennews/art.shtml?num=40766 (Russian)

Alexander