Helpful Information
 
 
Category: Comments / Suggestions
Perl CGI.pm module security issue

Versions of CGI.pm prior to 2.94 need to be upgraded to fix a cross site security issue.

http://eyeonsecurity.org/advisories/CGI.pm/adv.html

In the report it states that the vunrability lies in using start_form() in your scripts. As far as I am aware of it none of the WestHost provided scripts us this but I may wrong. I would suggest that untill we know if WestHost had updated CGI.pm or that we hear from them on this that if you are using this in your scripts that you change or disable it if you are worried about it.

Shawn

I am asking a higher level tech about this right now, I will let you know what I find out.

Thanks Mark. By the way how is the best way to report a "bug". I think I found one in guestbook install. Don't know if the forum or a support ticket is the best way to go.

You can test the version of CGI.pm from the shell with
perl -MCGI -e 'print $CGI::VERSION'

I just heard back from the higher level techs that they are working on this and were apparently aware of this before I had told them. I will let you know when I know anything more.

Wildjoker,

You can either submit a ticket or post it here and we will look at it.

Mark here is a link to the topic about the guestbook bug if it would help to direct tech to it. http://forums.westhost.com/phpBB2/viewtopic.php?p=6874&highlight=#6874










privacy (GDPR)