Security Advisories (4)

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

https://github.com/libwww-perl/libwww-perl/pull/270

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

NAME

HTML::HeadParser - Parse <HEAD> section of a HTML document

SYNOPSIS

require HTML::HeadParser;
$p = HTML::HeadParser->new;
$p->parse($text) and  print "not finished";

$p->header('Title')          # to access <title>....</title>
$p->header('Content-Base')   # to access <base href="http://...">
$p->header('Foo')            # to access <meta http-equiv="Foo" content="...">

DESCRIPTION

The HTML::HeadParser is a specialized (and lightweight) HTML::Parser that will only parse the <HEAD>...</HEAD> section of a HTML document. The parse() and parse_file() methods will return a FALSE value as soon as a <BODY> element is found, and should not be called again after this.

The HTML::HeadParser constructor takes a HTTP::Headers object reference as argument. The parser will update this header object as the various head elements are recognized.

The following header fields are initialized from elements found in the lthead> section of a HTML document:

Content-Base:: The Content-Base header is initialized from the <base href="..."> element.
Title:: The Title header is initialized from the <title>...</title> element.
Isindex:: The Isindex header will be added if there is a <isindex> element in the <head>. The header value is initialized from the prompt attribute if it is present.
http-equiv: Any other header field can be initialized from a <meta http-equiv="header" content="..."> element.

EXAMPLES

$h = HTTP::Headers->new;
$p = HTML::HeadParser->new($h);
$p->parse(<<EOT);
<title>Stupid example</title>
<base href="http://www.sn.no/libwww-perl/">
Normal text starts here.
EOT
undef $p;
print $h->title;   # should print "Stupid example"

COPYRIGHT

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Gisle Aas <aas@sn.no>

To install LWP, copy and paste the appropriate command in to your terminal.

cpanm

cpanm LWP

CPAN shell

perl -MCPAN -e shell
install LWP

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)