HTTP_PerlIS.dll_overflow

 

Code: p130

Severity: Warning

 

Description: PerlIS processes Perl script requests sent by a user, but it does not check the length of the URL request. If the user sends a long URL request, PerlIS calls strcpy to copy it into a stack buffer, which leads to a buffer overflow. An attacker could overwrite sensitive data on the stack, such as the return address. With a carefully constructed URL request, an attacker can execute arbitrary code remotely.

Impact: ActiveState ActivePerl 5.6.1.629 and older versions; Microsoft Windows IIS 4.0; Microsoft Windows IIS 5.0

Corrective: Update the system. http://www.activestate.com/Products/ActivePerl/download.plex
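
The unchecked strcpy pattern from the description, next to a length-checked form that rejects an overlong URL instead of copying it. This is an added example, not code from PerlIS or ActiveState; URL_BUF_SIZE, the function names and the returned status codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state the real buffer size. */
#define URL_BUF_SIZE 256

enum url_status { URL_OK = 0, URL_TOO_LONG = -1, URL_INVALID = -2 };

/* Pattern the description attributes to PerlIS: no length check before strcpy. */
void handle_request_unchecked(const char *url)
{
    char buf[URL_BUF_SIZE];
    strcpy(buf, url);   /* writes past buf when strlen(url) >= URL_BUF_SIZE */
    (void)buf;
}

/* Hardened form: find the terminator within dst_size bytes, else reject. */
enum url_status copy_request_url(char *dst, size_t dst_size, const char *url)
{
    if (dst == NULL || dst_size == 0 || url == NULL)
        return URL_INVALID;
    const char *end = memchr(url, '\0', dst_size);
    if (end == NULL) {              /* no NUL in range: URL does not fit */
        dst[0] = '\0';              /* leave dst empty, never truncated */
        return URL_TOO_LONG;
    }
    memcpy(dst, url, (size_t)(end - url) + 1);
    return URL_OK;
}

/* Hypothetical handler: maps the copy result to an HTTP status code. */
int handle_request(const char *url)
{
    char buf[URL_BUF_SIZE];
    enum url_status st = copy_request_url(buf, sizeof buf, url);
    if (st == URL_TOO_LONG) return 414;   /* URI Too Long */
    if (st != URL_OK) return 400;         /* Bad Request */
    return 200;                           /* would hand buf to the interpreter */
}

int main(void)
{
    char longurl[1024];                   /* constructed sample input */
    memset(longurl, 'A', sizeof longurl - 1);
    longurl[sizeof longurl - 1] = '\0';
    printf("%d %d\n", handle_request("/scripts/test.pl"), handle_request(longurl));
    return 0;
}
```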