Vulnerability Details: CVE-2011-3597
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Products affected by CVE-2011-3597
- cpe:2.3:a:gisle_aas:digest:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:gisle_aas:digest:1.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3597
14.94%: Probability of exploitation activity in the next 30 days
~94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3597
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2011-3597
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3597
- http://www.redhat.com/support/errata/RHSA-2011-1797.html
  Support
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:009
  mandriva.com
- http://secunia.com/advisories/46279
  Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
  Repository / Oval Repository
- http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
  Support
- http://www.securityfocus.com/bid/49911
  Perl Digest Module 'Digest->new()' Code Injection Vulnerability
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
  mandriva.com
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
  Juniper Networks - 2016-04 Security Bulletin: CTP Series: Multiple vulnerabilities in CTP Series
- http://www.ubuntu.com/usn/USN-1643-1
  USN-1643-1: Perl vulnerabilities | Ubuntu security notices
- https://bugzilla.redhat.com/show_bug.cgi?id=743010
  743010 – (CVE-2011-3597) CVE-2011-3597 Perl Digest improper control of generation of code (Patch)
- http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
- http://secunia.com/advisories/51457