Security Advisories (4)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file via the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which is able to execute arbitrary commands.
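For CVE-2010-2253 above, one way a download client can vet a server-suggested filename before writing it to disk. This is an added example, not code from libwww-perl or lwp-download; `safe_download_name` and `open_download` are hypothetical helpers and the sample names are constructed.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Hypothetical helper: reduce a server-suggested name to a bare filename
# that is safe to create in the download directory, or return nothing.
sub safe_download_name {
    my ($suggested) = @_;
    return unless defined $suggested;

    # Keep only the last path component; treat both / and \ as separators.
    my ($name) = $suggested =~ m{([^/\\]*)\z};

    return if $name eq '';                   # nothing left, e.g. "dir/"
    return if $name =~ /^\./;                # dotfile: the CVE-2010-2253 case
    return if $name =~ /[\x00-\x1f\x7f]/;    # control characters
    return $name;
}

# Hypothetical helper: create the file with O_EXCL so that an existing file
# is never overwritten, whatever name the server suggested.
sub open_download {
    my ($dir, $suggested) = @_;
    my $name = safe_download_name($suggested);
    return unless defined $name;
    sysopen(my $fh, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return;
    return ($fh, $name);
}

# Constructed sample names, as they might arrive in a Content-Disposition
# header or in the path of a redirect target. The second 'report.pdf'
# exercises the no-overwrite path.
my $dir = tempdir(CLEANUP => 1);
for my $s ('report.pdf', 'report.pdf', '.bashrc', '../.ssh/authorized_keys',
           'docs\\.profile', 'dir/', "a\nb.txt") {
    my ($fh, $name) = open_download($dir, $s);
    (my $shown = $s) =~ s/\n/\\n/g;
    printf "%-26s %s\n", $shown, $fh ? "created $name" : 'refused';
    close $fh if $fh;
}
```

Directory parts of a suggested name are discarded rather than honoured, so a name such as `../.ssh/authorized_keys` is created as `authorized_keys` inside the download directory only.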

NAME

guess_media_type - guess media type for a file or a URL.

media_suffix - returns file extensions for a media type

SYNOPSIS

use LWP::MediaTypes qw(guess_media_type);
$type = guess_media_type("/tmp/foo.gif");

DESCRIPTION

This module provides functions for handling media (also known as MIME) types and encodings. The mapping from file extensions to media types is defined by the media.types file. If the ~/.media.types file exists, it is used as a replacement.

For backwards compatibility we will also look for ~/.mime.types.

FUNCTIONS

guess_media_type($filename_or_url, [$header_to_modify])

This function tries to guess the media type and encoding for the given file. In scalar context it returns only the content-type. In array context it returns an array consisting of the content-type followed by any content-encodings applied.

The guess_media_type function also accepts a URI::URL object as argument.

If the type cannot be deduced from the file name alone, guess_media_type() will look at the actual file using the -T perl operator in order to determine whether it is a text file (text/plain). If this does not work, it will return application/octet-stream as the type.

The optional second argument should be a reference to an HTTP::Headers object (or some HTTP::Message object). When present, this function will set the value of the 'Content-Type' and 'Content-Encoding' for this header.

media_suffix($type,...)

This function will return all suffixes that can be used to denote the specified media type(s). Wildcard types can be used. In scalar context it will return the first suffix found.

Examples:

@suffixes = media_suffix('image/*', 'audio/basic');
$suffix = media_suffix('text/html');