View Full Version : Perl CGI.pm module security issue

10-15-2003, 07:58 AM
Versions of CGI.pm prior to 2.94 need to be upgraded to fix a cross site security issue.


10-15-2003, 08:11 AM
In the report it states that the vunrability lies in using start_form() in your scripts. As far as I am aware of it none of the WestHost provided scripts us this but I may wrong. I would suggest that untill we know if WestHost had updated CGI.pm or that we hear from them on this that if you are using this in your scripts that you change or disable it if you are worried about it.


WestHost - MStevenson
10-15-2003, 09:15 AM
I am asking a higher level tech about this right now, I will let you know what I find out.

10-15-2003, 09:16 AM
Thanks Mark. By the way how is the best way to report a "bug". I think I found one in guestbook install. Don't know if the forum or a support ticket is the best way to go.

10-15-2003, 10:18 AM
You can test the version of CGI.pm from the shell with
perl -MCGI -e 'print $CGI::VERSION'

WestHost - MStevenson
10-15-2003, 10:39 AM
I just heard back from the higher level techs that they are working on this and were apparently aware of this before I had told them. I will let you know when I know anything more.

WestHost - MStevenson
10-15-2003, 10:40 AM

You can either submit a ticket or post it here and we will look at it.

10-15-2003, 10:50 AM
Mark here is a link to the topic about the guestbook bug if it would help to direct tech to it. http://forums.westhost.com/phpBB2/viewtopic.php?p=6874&highlight=#6874