CVE-2011-1487

Perl 5.10.x-5.12.3 and 5.13.x-5.13.11 - Taint Protection Bypass via lc, lcfirst, uc, and ucfirst Functions

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1487. PoCs published by mmartinec.

AI-analyzed exploit summary The provided code demonstrates a security-bypass weakness in Perl's TAINT mode, where tainted input can bypass sanitization checks via the `lc()` function. This is a proof-of-concept showing how tainted data remains tainted after case conversion, but does not include an exploit payload.

Description

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Exploits (1)

exploitdb WRITEUP VERIFIED
by mmartinec · textremotelinux
https://www.exploit-db.com/exploits/35554

The provided code demonstrates a security-bypass weakness in Perl's TAINT mode, where tainted input can bypass sanitization checks via the `lc()` function. This is a proof-of-concept showing how tainted data remains tainted after case conversion, but does not include an exploit payload.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: Perl (versions affected by CVE-2011-1487)
No auth needed
Prerequisites: Perl application relying on TAINT mode for input validation
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=692844
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44168
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43921
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2265
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47124
Exploit, Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/04/35
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=692898
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
Exploit, Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/01/3

Scores

EPSS 0.0841
EPSS Percentile 94.3%

Details

CWE
CWE-264
Status published
Products (24)
perl/perl 5.10.0 (3 CPE variants)
perl/perl 5.10.1 (3 CPE variants)
perl/perl 5.13.0
perl/perl 5.13.1
perl/perl 5.13.2
perl/perl 5.13.3
perl/perl 5.13.4
perl/perl 5.13.5
perl/perl 5.13.6
perl/perl 5.13.7
... and 14 more
Published Apr 11, 2011
Tracked Since Feb 18, 2026