CVE-2017-16248 Information

Description

The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a ‘.’ character anywhere in the pathname which differs from the intended policy of allowing access only when the filename itself has a ‘.’ character.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://bugs.debian.org/880458 https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple https://rt.cpan.org/Public/Bug/Display.html?id=120558

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5