CPANSA-CGI-2012-5526: CGI vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2012-11-21T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2012-11-21T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Vulnerabilities
CVE-2012-5526
Vulnerability DescriptionCGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
| Weakness | CWE-16 : Configuration |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| CGI less than 3.63 |
|
Fixed
- CGI greater than or equal 3.63
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-CGI-2012-5526 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2012/cpansa-cgi-2012-5526.json - http://www.securityfocus.com/bid/56562 external
http://www.securityfocus.com/bid/56562 - http://www.openwall.com/lists/oss-security/2012/11/15/6 external
http://www.openwall.com/lists/oss-security/2012/11/15/6 - https://github.com/markstos/CGI.pm/pull/23 external
https://github.com/markstos/CGI.pm/pull/23 - http://www.securitytracker.com/id?1027780 external
http://www.securitytracker.com/id?1027780 - http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes external
http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes - http://secunia.com/advisories/51457 external
http://secunia.com/advisories/51457 - http://www.ubuntu.com/usn/USN-1643-1 external
http://www.ubuntu.com/usn/USN-1643-1 - http://www.debian.org/security/2012/dsa-2586 external
http://www.debian.org/security/2012/dsa-2586 - http://rhn.redhat.com/errata/RHSA-2013-0685.html external
http://rhn.redhat.com/errata/RHSA-2013-0685.html - http://secunia.com/advisories/55314 external
http://secunia.com/advisories/55314 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html external
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - https://exchange.xforce.ibmcloud.com/vulnerabilities/80098 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/80098 - CVE-2012-5526 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2012-5526
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Wed Nov 21 00:00:00 2012 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/