Vulnerability details: VCID-dz2y-h7hn-aaad
Vulnerability ID: VCID-dz2y-h7hn-aaad
Aliases: CVE-2011-1487
Summary: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Status: Published
Exploitability: 2.0
Weighted Severity: 6.2
Risk: 10.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0558
epss 0.01698 https://api.first.org/data/v1/epss?cve=CVE-2011-1487
epss 0.02149 https://api.first.org/data/v1/epss?cve=CVE-2011-1487
epss 0.04988 https://api.first.org/data/v1/epss?cve=CVE-2011-1487
epss 0.05592 https://api.first.org/data/v1/epss?cve=CVE-2011-1487
epss 0.0902 https://api.first.org/data/v1/epss?cve=CVE-2011-1487
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-1487
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1487.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1487
https://bugzilla.redhat.com/show_bug.cgi?id=692844
https://bugzilla.redhat.com/show_bug.cgi?id=692898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
http://www.debian.org/security/2011/dsa-2265
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
http://www.securityfocus.com/bid/47124
622817 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622817
CVE-2011-1487 https://nvd.nist.gov/vuln/detail/CVE-2011-1487
CVE-2011-1487;OSVDB-75047 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35554.txt
CVE-2011-1487;OSVDB-75047 Exploit https://www.securityfocus.com/bid/47124/info
GLSA-201311-17 https://security.gentoo.org/glsa/201311-17
RHSA-2011:0558 https://access.redhat.com/errata/RHSA-2011:0558
USN-1129-1 https://usn.ubuntu.com/1129-1/
Data source: Exploit-DB
Date added: March 30, 2011
Description: Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass
Ransomware campaign use: Known
Source publication date: March 30, 2011
Exploit type: remote
Platform: linux
Source update date: Dec. 16, 2014
Source URL: https://www.securityfocus.com/bid/47124/info
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1487
Exploit Prediction Scoring System (EPSS)
Percentile: 0.88134
EPSS Score: 0.01698
Published At: Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.