CVE-2011-1589
Summary
| CVE | CVE-2011-1589 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-04-29 22:55:02 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mojolicious | Mojolicious | 0.2 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.3 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.4 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.5 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.6 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.7 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8.1 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8.2 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8.3 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8.4 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8.5 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8006 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8007 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8008 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.8009 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.9 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.9001 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.9002 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991231 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991232 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991233 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991234 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991235 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991236 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991237 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991238 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991239 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991240 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991241 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991242 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991243 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991244 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991245 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991246 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991250 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.991251 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999901 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999902 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999903 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999904 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999905 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999906 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999907 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999908 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999909 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999910 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999911 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999912 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999913 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999914 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999920 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999921 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999922 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999923 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999924 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999925 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999926 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999927 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999928 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999929 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999930 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999931 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999932 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999933 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999934 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999935 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999936 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999937 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999938 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999939 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999940 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999941 | All | All | All |
| Application | Mojolicious | Mojolicious | 0.999950 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.0 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.01 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.1 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.11 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.12 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.13 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.14 | All | All | All |
| Application | Mojolicious | Mojolicious | 1.15 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 14 Update: perl-Mojolicious-0.999929-2.fc14 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes | af854a3a-2127-422b-91ae-364da2661108 | cpansearch.perl.org | |
| Mojolicious Directory Traversal Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Debian -- Security Information -- DSA-2221-1 libmojolicious-perl | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Path security vulnerability · Issue #114 · mojolicious/mojo · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit |
| #622952 - libmojolicious-perl: Path security vulnerability - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | Exploit |
| Mojolicious Directory Traversal and Script Insertion Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Sharks in the water... - This ain't comedy | af854a3a-2127-422b-91ae-364da2661108 | perlninja.posterous.com | |
| Fedora update for perl-Mojolicious - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Bug 697229 – CVE-2011-1589 perl-Mojolicious: directory traversal flaw | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Exploit, Patch |
| search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz | af854a3a-2127-422b-91ae-364da2661108 | search.cpan.org | Patch |
| www.osvdb.org/71850 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | Exploit |
| [SECURITY] Fedora 13 Update: perl-Mojolicious-0.999925-3.fc13 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| fixed critical security issue that can expose files on your system an… · mojolicious/mojo@b098549 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| oss-security - Re: CVE request: Mojolicious directory traversal vulnerability | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Exploit |
| oss-security - CVE request: Mojolicious directory traversal vulnerability | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Exploit, Patch |
| oss-security - CVE request: Mojolicious | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Exploit, Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.