/ 
libwww-perl-5.21
River stage four • 2204 direct dependents • 6286 total dependents
/ HTTP::Message
Security Advisories (4)
CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

NAME

HTTP::Message - Class encapsulating HTTP messages

SYNOPSIS

package HTTP::Request;  # or HTTP::Response
require HTTP::Message;
@ISA=qw(HTTP::Message);

DESCRIPTION

A HTTP::Message object contains some headers and a content (body). The class is abstract, i.e. it only used as a base class for HTTP::Request and HTTP::Response and should never instantiated as itself.

The following methods are available:

$mess = new HTTP::Message;

This is the object constructor. It should only be called internally by this library. External code should construct HTTP::Request or HTTP::Response objects.

$mess->clone()

Returns a copy of the object.

$mess->protocol([$proto])

Sets the HTTP protocol used for the message. The protocol() is a string like "HTTP/1.0" or "HTTP/1.1".

$mess->content([$content])

The content() method sets the content if an argument is given. If no argument is given the content is not touched. In either case the previous content is returned.

$mess->add_content($data)

The add_content() methods appends more data to the end of the previous content.

$mess->content_ref

The content_ref() method will return a reference to content string. It can be more efficient to access the content this way if the content is huge, and it can be used for direct manipulation of the content, for instance:

${$res->content_ref} =~ s/\bfoo\b/bar/g;
$mess->headers;

Return the embedded HTTP::Headers object.

$mess->headers_as_string([$endl])

Call the HTTP::Headers->as_string() method for the headers in the message.

All unknown HTTP::Message methods are delegated to the HTTP::Headers object that is part of every message. This allows convenient access to these methods. Refer to HTTP::Headers for details of these methods:

$mess->header($field => $val);
$mess->scan(\&doit);
$mess->push_header($field => $val);
$mess->remove_header($field);

$mess->date;
$mess->expires;
$mess->if_modified_since;
$mess->if_unmodified_since;
$mess->last_modified;
$mess->content_type;
$mess->content_encoding;
$mess->content_length;
$mess->content_language
$mess->title;
$mess->user_agent;
$mess->server;
$mess->from;
$mess->referer;
$mess->www_authenticate;
$mess->authorization;
$mess->proxy_authorization;
$mess->authorization_basic;
$mess->proxy_authorization_basic;

COPYRIGHT

Copyright 1995-1997 Gisle Aas.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.