You are here

CVE-2011-3597

Vincent (CVE) Danen's picture
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

Details Source

Mitre

Public Date

2011-10-02 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-3597 Perl Digest improper control of generation of code

Bugzilla ID

743 010

CVSS Status

verified

Base Score

5.10

Base Metrics

AV:N/AC:H/Au:N/C:P/I:P/A:P

IAVA

2012-A-0148, 2012-A-0153

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (perl) RHSA-2011:1797 2011-12-08
Red Hat Enterprise Linux 4 (perl) RHSA-2011:1797 2011-12-08
Red Hat Enterprise Linux 6 (perl) RHSA-2011:1424 2011-11-03

Affected Packages State

Platform Package State
Red Hat Directory Server 8 perl Will not fix
Red Hat Certificate System 7.3 for 4AS perl Will not fix