Security Advisories (3)

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

https://github.com/libwww-perl/libwww-perl/pull/270

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

NAME

HTTP::Status - HTTP Status code processing

SYNOPSIS

use HTTP::Status;

if ($rc != RC_OK) {
    print status_message($rc), "\n";
}

if (is_success($rc)) { ... }
if (is_error($rc)) { ... }
if (is_redirect($rc)) { ... }

DESCRIPTION

HTTP::Status is a library of routines for defining and classifying HTTP status codes for libwww-perl. Status codes are used to encode the overall outcome of a HTTP response message. Codes correspond to those defined in RFC 2616 and RFC 2518.

CONSTANTS

The following constant functions can be used as mnemonic status code names:

RC_CONTINUE				(100)
RC_SWITCHING_PROTOCOLS		(101)
RC_PROCESSING                        (102)

RC_OK				(200)
RC_CREATED				(201)
RC_ACCEPTED				(202)
RC_NON_AUTHORITATIVE_INFORMATION	(203)
RC_NO_CONTENT			(204)
RC_RESET_CONTENT			(205)
RC_PARTIAL_CONTENT			(206)
RC_MULTI_STATUS                      (207)

RC_MULTIPLE_CHOICES			(300)
RC_MOVED_PERMANENTLY			(301)
RC_FOUND				(302)
RC_SEE_OTHER				(303)
RC_NOT_MODIFIED			(304)
RC_USE_PROXY				(305)
RC_TEMPORARY_REDIRECT		(307)

RC_BAD_REQUEST			(400)
RC_UNAUTHORIZED			(401)
RC_PAYMENT_REQUIRED			(402)
RC_FORBIDDEN				(403)
RC_NOT_FOUND				(404)
RC_METHOD_NOT_ALLOWED		(405)
RC_NOT_ACCEPTABLE			(406)
RC_PROXY_AUTHENTICATION_REQUIRED	(407)
RC_REQUEST_TIMEOUT			(408)
RC_CONFLICT				(409)
RC_GONE				(410)
RC_LENGTH_REQUIRED			(411)
RC_PRECONDITION_FAILED		(412)
RC_REQUEST_ENTITY_TOO_LARGE		(413)
RC_REQUEST_URI_TOO_LARGE		(414)
RC_UNSUPPORTED_MEDIA_TYPE		(415)
RC_REQUEST_RANGE_NOT_SATISFIABLE     (416)
RC_EXPECTATION_FAILED		(417)
RC_UNPROCESSABLE_ENTITY              (422)
RC_LOCKED                            (423)
RC_FAILED_DEPENDENCY                 (424)

RC_INTERNAL_SERVER_ERROR		(500)
RC_NOT_IMPLEMENTED			(501)
RC_BAD_GATEWAY			(502)
RC_SERVICE_UNAVAILABLE		(503)
RC_GATEWAY_TIMEOUT			(504)
RC_HTTP_VERSION_NOT_SUPPORTED	(505)
RC_INSUFFICIENT_STORAGE              (507)

FUNCTIONS

The following additional functions are provided. Most of them are exported by default.

status_message($code)

The status_message() function will translate status codes to human readable strings. The string is the same as found in the constant names above. If the $code is unknown, then undef is returned.

is_info($code)

Return TRUE if $code is an Informational status code. This class of status code indicates a provisional response which can't have any content.

is_success($code)

Return TRUE if $code is a Successful status code.

is_redirect($code)

Return TRUE if $code is a Redirection status code. This class of status code indicates that further action needs to be taken by the user agent in order to fulfill the request.

is_error($code)

Return TRUE if $code is an Error status code. The function return TRUE for both client error or a server error status codes.

is_client_error($code)

Return TRUE if $code is an Client Error status code. This class of status code is intended for cases in which the client seems to have erred.

This function is not exported by default.

is_server_error($code)

Return TRUE if $code is an Server Error status code. This class of status codes is intended for cases in which the server is aware that it has erred or is incapable of performing the request.

This function is not exported by default.

BUGS

Wished @EXPORT_OK had been used instead of @EXPORT in the beginning. Now too much is exported by default.

To install LWP, copy and paste the appropriate command in to your terminal.

cpanm

cpanm LWP

CPAN shell

perl -MCPAN -e shell
install LWP

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)