
CVE-2010-4410
Date: (C)2010-12-06   (M)2023-12-22


CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-43068
SECUNIA-43147
BID-44199
BID-45145
ADV-2010-3230
ADV-2011-0212
ADV-2011-0249
FEDORA-2011-0631
FEDORA-2011-0653
MDVSA-2010:237
MDVSA-2010:252
RHSA-2011:1797
SUSE-SR:2011:002
SUSE-SR:2011:005
http://openwall.com/lists/oss-security/2010/12/01/1
http://openwall.com/lists/oss-security/2010/12/01/3
http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm
http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
https://bugzilla.redhat.com/show_bug.cgi?id=658970

CPE    172
cpe:/a:andy_armstrong:cgi-simple:1.111
cpe:/a:andy_armstrong:cgi.pm:2.28
cpe:/a:andy_armstrong:cgi-simple:1.110
cpe:/a:andy_armstrong:cgi.pm:2.29
...
CWE    1
CWE-94
OVAL    11
oval:org.secpod.oval:def:201624
oval:org.secpod.oval:def:201611
oval:org.secpod.oval:def:300312
oval:org.secpod.oval:def:200229
...

© SecPod Technologies