Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: eperl1.htm

ePerl 2.1.12 Security Issues



    Systems with ePerl 2.1.12


    Tiago  Luz  Pinto  found  following.   ePerl  is an embedded Perl.
    There's  a  problem  of  incorrect  Handling  of  ISINDEX  queries
    (command  line  argument)  when  ePerl  runs  as  a   nph-cgi/cgi.
    According with the CGI/1.1 specification, the HTTP server executes
    CGI's passing the ISINDEX field as a command line argument.   When
    ePerl runs  and gets  this argument  (argc >  1), it  fails to set
    MODE_CGI, then tries to  open the argument for  parsing/executing.
    This  way  one  can  evaluate  ePerl pages through different URLs.


    Users of ePerl 2.2.12 I encourage to upgrade to ePerl 2.2.13.  The
    distribution eperl-2.2.13.tar.gz is available under

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH