CVE-2013-4407

Severity: Unknown | EPSS: 2.88%

CVE-2013-4407 is a vulnerability of currently unknown severity. HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed. EPSS estimates a 2.88% chance of exploitation in the next 30 days.

Description

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

Metrics

EPSS probability: 2.88% (85.0th percentile)

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Http-Body Project | Http-Body | <= 1.17 |
| Http-Body Project | Http-Body | 0.01 |
| Http-Body Project | Http-Body | 0.2 |
| Http-Body Project | Http-Body | 0.03 |
| Http-Body Project | Http-Body | 0.4 |
| Http-Body Project | Http-Body | 0.5 |
| Http-Body Project | Http-Body | 0.6 |
| Http-Body Project | Http-Body | 0.7 |
| Http-Body Project | Http-Body | 0.8 |
| Http-Body Project | Http-Body | 0.9 |
| Http-Body Project | Http-Body | 1.00 |
| Http-Body Project | Http-Body | 1.01 |
| Http-Body Project | Http-Body | 1.02 |
| Http-Body Project | Http-Body | 1.03 |
| Http-Body Project | Http-Body | 1.04 |
| Http-Body Project | Http-Body | 1.05 |
| Http-Body Project | Http-Body | 1.06 |
| Http-Body Project | Http-Body | 1.07 |
| Http-Body Project | Http-Body | 1.08 |
| Http-Body Project | Http-Body | 1.09 |
| Http-Body Project | Http-Body | 1.10 |
| Http-Body Project | Http-Body | 1.11 |
| Http-Body Project | Http-Body | 1.12 |
| Http-Body Project | Http-Body | 1.14 |
| Http-Body Project | Http-Body | 1.15 |
| Http-Body Project | Http-Body | 1.16 |

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2013-4407?
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
How severe is CVE-2013-4407?
Severity scoring for CVE-2013-4407 is pending analysis. The EPSS model estimates a 2.88% probability of exploitation in the next 30 days.
How do I fix CVE-2013-4407?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST