CVE-2013-4407

medium
Published 2013-11-23 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4407

OS impact

OS             Version   Status  Fixed in
debian debian  bookworm  fixed   1.17-2
debian debian  bullseye  fixed   1.17-2
debian debian  forky     fixed   1.17-2
debian debian  sid       fixed   1.17-2
debian debian  trixie    fixed   1.17-2

Application impact

Vendor             Product    Versions                  Fixed
http-body_project  http-body  up to and including 1.17
http-body_project  http-body  0.01
http-body_project  http-body  0.2
http-body_project  http-body  0.03
http-body_project  http-body  0.4
http-body_project  http-body  0.5
http-body_project  http-body  0.6
http-body_project  http-body  0.7
http-body_project  http-body  0.8
http-body_project  http-body  0.9
http-body_project  http-body  1.00
http-body_project  http-body  1.01
http-body_project  http-body  1.02
http-body_project  http-body  1.03
http-body_project  http-body  1.04
http-body_project  http-body  1.05
http-body_project  http-body  1.06
http-body_project  http-body  1.07
http-body_project  http-body  1.08
http-body_project  http-body  1.09
http-body_project  http-body  1.10
http-body_project  http-body  1.11
http-body_project  http-body  1.12
http-body_project  http-body  1.14
http-body_project  http-body  1.15
http-body_project  http-body  1.16
