CVE-2013-7329

Published: Oct 6, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.

Affected (1)

Products: Perl: Cgi Application Module

Perl

1 product

Cgi Application Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Perl Cgi Application Module	Up to 4.50

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2014/02/19/11

Source: cve@mitre.org

http://www.securityfocus.com/bid/65687

Source: cve@mitre.org

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1067180

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/91735

Source: cve@mitre.org

https://github.com/markstos/CGI--Application/pull/15

Source: cve@mitre.org

https://rt.cpan.org/Public/Bug/Display.html?id=84403

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html