{
  "threat_severity" : "Low",
  "public_date" : "2011-03-30T00:00:00Z",
  "bugzilla" : {
    "description" : "perl: lc(), uc() routines are laundering tainted data",
    "id" : "692898",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=692898"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string." ],
  "statement" : "The Red Hat Security Response Team has rated this issue as having low security impact, and it did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4 and 5.  A future update in Red Hat Enterprise Linux 6 may address this flaw.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0558",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "perl-4:5.10.1-119.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "perl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1487\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1487" ],
  "name" : "CVE-2011-1487",
  "csaw" : false
}