Security Advisories (4)
CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
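A defensive check for the CVE-2010-2253 class of problem, as an added example that is not code from libwww-perl or lwp-download: it reduces a server-suggested file name to a safe local name and refuses to overwrite existing files. The helper names `safe_download_name` and `open_new_file` and the sample names are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Basename qw(basename);
use File::Temp qw(tempdir);

# Hypothetical helper (not part of libwww-perl): turn a name suggested by a
# redirect URL or a Content-Disposition header into a safe local file name.
# Returns undef when the name must be rejected.
sub safe_download_name {
    my ($suggested) = @_;
    return unless defined $suggested && length $suggested;
    $suggested =~ tr{\\}{/};              # treat backslashes as separators too
    my $name = basename($suggested);      # drop every directory component
    $name =~ s/[\x00-\x1f\x7f]//g;        # strip control characters
    return if $name eq '' || $name eq '/';
    return if $name =~ /^\./;             # dotfiles, "." and ".."
    return if length $name > 255;
    return $name;
}

# Hypothetical helper: create the file only if it does not exist yet, so a
# suggested name can never overwrite a file already in the directory.
sub open_new_file {
    my ($dir, $name) = @_;
    sysopen(my $fh, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "refusing to write $dir/$name: $!\n";
    return $fh;
}

# Constructed sample names, not taken from any real server response.
for my $suggested ('report.pdf', 'docs/report.pdf', '.bashrc',
                   '../../.profile', 'dir\\.ssh', '..') {
    my $name = safe_download_name($suggested);
    printf "%-16s => %s\n", $suggested,
        defined $name ? "save as $name" : 'rejected';
}

# The second attempt to create the same file must fail instead of overwriting.
my $dir = tempdir(CLEANUP => 1);
close open_new_file($dir, safe_download_name('report.pdf'));
eval { open_new_file($dir, 'report.pdf') };
print "second write: $@";
```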

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open an existing file through the file:// scheme. However, the current version of LWP uses open FILEHANDLE,EXPR, which makes it possible to execute an arbitrary command.

NAME

LWP::Debug - debug routines

SYNOPSIS

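use LWP::Debug;

level('+');         # enable all logging levels
level('-conns');    # then switch the conns level off again

trace('send()');
debug('url ok');
conns("read $n bytes: $data");

# Logged via debug() and remembered for a later timeout report
debugl("Resolving hostname '$host'");

# On SIGALRM, die with the last debugl() message, if there is one
$SIG{'ALRM'} = 't';
alarm(1);
sub t {
    my $long = LWP::Debug::longMsg();
    my $msg = 'Timeout';
    $msg .= ": $long" if defined $long;
    die $msg;
}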

DESCRIPTION

LWP::Debug provides tracing facilities. The trace(), debug() and conns() functions log information at increasing levels of detail. The level() function controls which levels of detail are actually printed.

SEE ALSO

See LWP for a complete overview of libwww-perl5.

FUNCTIONS

trace($msg)

The trace() function is used for tracing function calls. The package and calling subroutine name are printed along with the passed argument. This should be called at the start of every major function.

debug($msg)

The debug() function is used for high-granularity reporting of state in functions.

conns($msg)

The conns() function is used to show data being transferred over the connections. This may generate considerable output.

debugl($msg)

The debugl() function is meant for operations which take a long time. The message is processed by debug() and stored for later use by, for example, a SIGALRM signal handler.

level(...)

The level() function controls the level of detail being logged. Passing '+' or '-' indicates full and no logging respectively. Individual levels can be switched on and off by passing the name of the level with a '+' or '-' prepended.

longMsg($msg)

Retrieves the message set by debugl().