Vulnerability Details CVE-2011-3597
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.149
EPSS Ranking 94.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
- http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://secunia.com/advisories/46279
- http://secunia.com/advisories/51457
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://www.securityfocus.com/bid/49911
- http://www.ubuntu.com/usn/USN-1643-1
- https://bugzilla.redhat.com/show_bug.cgi?id=743010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
- http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
- http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://secunia.com/advisories/46279
- http://secunia.com/advisories/51457
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
- http://www.securityfocus.com/bid/49911
- http://www.ubuntu.com/usn/USN-1643-1
- https://bugzilla.redhat.com/show_bug.cgi?id=743010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Products affected by CVE-2011-3597
-
cpe:2.3:a:gisle_aas:digest:1.00
-
cpe:2.3:a:gisle_aas:digest:1.01
-
cpe:2.3:a:gisle_aas:digest:1.02
-
cpe:2.3:a:gisle_aas:digest:1.03
-
cpe:2.3:a:gisle_aas:digest:1.04
-
cpe:2.3:a:gisle_aas:digest:1.05
-
cpe:2.3:a:gisle_aas:digest:1.06
-
cpe:2.3:a:gisle_aas:digest:1.07
-
cpe:2.3:a:gisle_aas:digest:1.08
-
cpe:2.3:a:gisle_aas:digest:1.09
-
cpe:2.3:a:gisle_aas:digest:1.10
-
cpe:2.3:a:gisle_aas:digest:1.11
-
cpe:2.3:a:gisle_aas:digest:1.12
-
cpe:2.3:a:gisle_aas:digest:1.13
-
cpe:2.3:a:gisle_aas:digest:1.14
-
cpe:2.3:a:gisle_aas:digest:1.15
-
cpe:2.3:a:gisle_aas:digest:1.16