Description
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-5526
- https://github.com/markstos/CGI.pm/pull/23
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/51457
- http://secunia.com/advisories/55314
- http://www.debian.org/security/2012/dsa-2586
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56562
- http://www.securitytracker.com/id?1027780
- http://www.ubuntu.com/usn/USN-1643-1
Related vulnerabilities
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
CGI.pm module before 3.63 for Perl does not properly escape newlines i ...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to violate the integrity of protected information